Our offices are closed on Friday, April 18 and Monday, April 21. We’ll resume regular hours on Tuesday, April 22. Our member site and app are available 24/7.

Travelling over the long weekend? On April 18 and April 21, our travel call centre will be open from 6:30 a.m. to 2:30 p.m. MT. If you want to purchase travel insurance, please call 1-800-394-1965 or purchase a plan online.

Close
Skip to main content
Home

Privacy Policy

Alberta Blue Cross® Privacy Policy

Your privacy matters to us

Effective date: May 15, 2025

At Alberta Blue Cross®, we are committed to protecting the personal information that we collect, use, disclose and store. This Privacy Policy explains how we collect, use, share personal information.

In addition to this Privacy Policy, you should review:

  • any additional consents you provided to us, and
  • any terms and conditions you agreed to,

when accessing or participating in our programs or services.

If there is any inconsistency between these consents, terms or conditions, this Privacy Policy will prevail.

Table of contents

Here's an index to our full policy. Click on a link to skip ahead or go to the full Privacy Policy.

Information collection and usage

Personal information covered by this policy

What personal information we collect

How we collect your personal information

How we use your personal information

Information sharing and security

How we disclose and share your personal information

How we secure your personal information

When we combine data

How long we keep your personal information

Your rights and controls

How you can withdraw your consent

How we use cookies

Policy changes and questions

Changes to this Privacy Policy

Privacy questions or concerns

1. Personal information covered by this policy

This Privacy Policy applies to the personal information collected by us, including via our website, mobile applications, other online platforms and contact centres.

Personal information is any information that can identify a person, either on its own or when combined with other information. It does not include business contact information when we use that information to communicate with a person about their employment, or anonymous or de-identified data not linked to a specific person.

When this Privacy Policy does not apply

This policy does not explain how personal information is managed by Balance®, an online wellness tool for members. Please refer to the Balance® Privacy Statement for details on how we collect, use and disclose your personal information when you use Balance®.

Personal information we collect only through your use of Balance® will not be used for purposes of determining of eligibility for coverage or determining premium rates.

This Privacy Policy does not apply to personal information of our employees, or to information that is not personal information.

2. What personal information we collect

The personal information we collect depends on various factors, such as the type of products or services you use or apply for, the channel you use to communicate with us, and any applicable legal and regulatory obligations.

We collect the following categories of personal information:

A. Enrolment, contact and payment information

We collect personal information that helps us verify and manage your account, and to communicate with you. We may also collect payment information from you.

Here are some examples of the information we may collect:

  • Name and contact information such as your name, address, phone number, email, or social media account username, and other similar contact information.
  • Identifiers and demographic information that we use to establish and verify your identity including name, gender, date of birth, date of death and occupation, government issued identification, knowledge-based information (for e.g. username, password, signature and account information), insurance policy number.
  • Payment information required to process payments due to us such as payment card information including its account number and any associated security code or bank account information.
  • Biometric information that enables us to verify your identify including your facial features and fingerprint.
  • Government-issued identification numbers such as a Social Insurance Number (SIN) or Personal Health number (PHN) may be collected to comply with legal or regulatory obligations. For example, the Income Tax Act (Canada) requires us to collect your SIN if we pay you income.
  • Transaction information may be collected to inform us how you use products and services, such as your purchase and payment history.
  • Information about other people: If you provide us with information about another person, such as beneficiaries or spouses, common-law partners or dependents covered by benefits or an insurance product, we assume that you have the necessary authority and consent to share their information with us. We also assume that you have their consent for us to collect, use and share their information as described in this policy.
  • Account information regarding your online account with us, including account credentials, information about devices used to access your account, the IP addresses used to access your account, browser type (for example, Chrome or Safari) and other personal information you add to your account.
  • Other information you provide to us via surveys or feedback on our services.
  • Health and lifestyle information such as your occupation, family health history, personal activities, travel history and plans, behaviors and lifestyle choices such as alcohol use or smoking status. It may also include financial information such as your place of employment and annual income. We may also collect diagnostic, prescription or treatment information to assess your claims.
  • Information about your preferences or interests such communication preferences.

B. Health or lifestyle related information

We may collect health or lifestyle-related information and employment information. This may include your occupation, place of employment, family health history, personal activities, travel history and plans, behaviors and lifestyle choices such as alcohol use or smoking status. It may also include financial information such as your annual income. We may also collect diagnostic or treatment information to assess your claims.

C. Digital channels

We collect information about you when you interact with our websites, mobile apps, social media platforms or other digital channels. This helps us enhance your experience, understand how these digital channels are used, and ensure their security. When you visit our website or mobile apps, we may provide you with more information about personal information collected through these digital channels.

3. How we collect your personal information

We collect your personal information, with your consent or as permitted by law, directly from you and from third parties, public sources, or by using technology.

A. Directly from you:

We receive personal information from you through your interactions with us, such as when you contact our customer support team, create an account, submit a form to us, visit our website, request a quote or apply for a product or service.

B. From third parties

We may receive personal information about you from other sources you have authorized to disclose personal information to us. But this can also happen without your consent if the law requires us or permits us to do so.

Here are examples of when this may happen.

We may receive personal information from:

  • third parties you have authorized to disclose personal information to us or third-party accounts you allow us to access— this could include your doctor, health care provider, medical professionals or other insurance companies
  • your employer if you are a member of a group plan or you apply for group benefits
  • the Medical Information Bureau to help us evaluate life and health insurance applications
  • third parties we work with to issue and manage our products and services
  • public sources such as government agencies and websites, including to update incomplete or outdated information on our files for the purpose of contacting our members and beneficiaries

C. Through technologies

We may collect personal information through various technologies. These include point of sale systems, telephone, video surveillance and other similar technologies. We may collect certain types of personal information electronically using cookies and your internet protocol (IP) address when you use our websites or member app, interact with us through social media, open email links or view our online ads.

We use and disclose video surveillance in and around our offices to maintain the safety of employees, members and visitors to our offices, and to protect against illegal activity such as theft, vandalism, and fraud. Recorded images are routinely destroyed and not shared with third parties unless required for legal purposes or there is suspicion of illegal activity, in which case they may be released to the police or other appropriate government agency or authority, or for insurance purposes or to defend ourselves in litigation.

We may record telephone calls for quality assurance and training purposes or to create a record of the information that you have given to us or that we have given to you.

4. How we use your personal information

We use your personal information to provide you with products and services, communicate with you, manage our business, enhance your customer experience with us and as permitted or required by law.

A. Providing products or services

When providing products or services, we may use your personal information including:

  • to confirm your identity and to authenticate you when you contact us
  • to provide you with information about our products and services and educational material
  • to review applications submitted to us and determine your eligibility for a product or service, set appropriate premium rates, issue and administer the insurance or benefit plan, and make decisions about, process and pay claims
  • to set up and manage your accounts, products and services
  • to verify information provided to us
  • for the purposes set out in your agreement with us and in this Privacy Policy
  • to invoice you for premiums or payments

B. Communicating with you

When communicating with you, we may use your personal information to:

  • provide notices about your account, including expiration and renewal notices and payment details
  • provide information and updates about our products, services, promotions and contests
  • take instructions from you and ensure we act on your instructions (for example by recording phone calls)
  • respond to your questions
  • better manage our relationship with you

C. Managing our business

When managing our business needs, we may use your personal information to:

  • improve our products and services to better meet your needs
  • improve quality assurance and training and to create a record of the information you provided
  • detect security incidents, protect against malicious, deceptive, fraudulent and illegal activity
  • maintain the health, safety and security of our employees, customers and property
  • perform everyday business and operations such as meeting our contractual obligations, record keeping and internal reporting
  • reinsure to manage our insurance risk
  • monitor, review and improve customer service and internal business processes
  • comply with all applicable laws

D. As permitted or required by law

When permitted or required by law, we may use your personal information to:

  • comply with any court order, law, legal process or other legal requirement, including responding to any government or regulatory requests
  • carry out our obligations and enforce our rights arising from any contracts with you, including for billing and collection

5. How we disclose and share your personal information

We may disclose your personal information to third parties to carry out the purposes described in this Policy or as permitted or required by law.

We do not sell or disclose your personal information for marketing purposes.

A. Service providers

We may share your personal information with service providers we retain to provide certain products or services to you. They are only given the personal information they need to provide the services and are not permitted to use or disclose your personal information for their own purposes. Prior to sharing personal information with service providers, we require them to protect the information in accordance with applicable law and in a manner that is consistent with this Privacy Policy.

We may share personal information with the following categories of service providers:

  • service providers who provide us with services required for the conduct of our business, including IT and hosting services, payment processing and third-party auditors, actuaries and advisors
  • independent medical consultants for disability claim management and emergency travel claim adjudication
  • when we distribute insurance, we collect and share information on behalf of the insurance underwriter with third parties to help administer the insurance, pay claims and resolve complaints
  • service providers to manage your benefits and insurance with us—such as administration, claims and underwriting support, travel assistance providers, health care practitioners, medical facilities and insurance information bureaus and emergency travel services
  • third-party auditors, consultants or administrators to fulfill the terms of your benefit plan
  • insurance service providers, including insurance and reinsurance companies
  • records and storage destruction service providers, and printing, mail and fax service providers
  • third-party digital service providers, with your consent

Service providers outside Canada

We limit the number of service providers we use outside of Canada. However, some providers may be located outside of your province or Canada.

Your personal information may be stored or processed outside of Canada, in which case, the personal information is subject to the laws in those jurisdictions and may be disclosed in accordance with those laws which may allow law enforcement, courts, and regulatory agencies to access the personal information.

When we engage a service provider outside of Canada, we take measures to protect your personal information via appropriate contracts and other safeguards.

If you would like more information on our use of service providers outside of Canada, please contact our Privacy Office.

B. With your authorization

We may disclose your personal information to third parties where you have authorized us to do so.

C. Sale or transfer of business

We may disclose your personal information if our business is merged, sold or partially sold to a buyer or successor, as permitted by law.

D. Where permitted by law

We may disclose your personal information without your consent where we are required or permitted to do so by law:

  • to enforce our agreements with you or your employer—this includes investigating and defending ourselves against any third-party claims or allegations
  • to comply with laws, regulations, subpoena, court orders or other legal process
  • when it is reasonably necessary to investigate, prevent, or act against suspected or actual illegal activities, cyber threats or to assist government agencies, self-regulating bodies, and law enforcement
  • if we believe the disclosure is necessary to protect the rights, property or safety of Alberta Blue Cross®, our employees, customers or others—this includes sharing information with other companies or organizations when we believe it is reasonably necessary to prevent or investigate fraud, abuse or illegal conduct

E. Optional marketing purposes

We may use your personal information to provide you with communications about additional products and services that may be of interest to you. The collection, use and disclosure of your personal information for such marketing purposes is entirely optional and is not required as a condition of doing business with us. You may withdraw your consent to the use of your personal information for optional marketing purposes at any time by updating your preferences in our preference centre or by using the unsubscribe or opt-out mechanism provided in our communications.

6. How we secure your personal information

We maintain various physical, organizational and technological security safeguards to protect your personal information against unauthorized access, improper use or disclosure, loss or theft or similar risks.

A. Physical safeguards

These are measures like our building security system that prevent unauthorized access to our building. Personal information recorded in paper documents is securely stored whether in our offices or in off-site storage facilities.

B. Organizational safeguards

Our policies, practices and access levels are designed to protect your personal information. We limit access to your personal information to those employees, contractors and third parties who need to use the information for one of the identified purposes.

We use the following measures to protect your information:

  • We require employees and contractors to complete annual privacy training and to comply with our Privacy Policy.
  • We conduct due diligence on third party service providers, and impose appropriate security standards for third party service providers who are permitted access to your information and make reasonable efforts to ensure such service providers have appropriate security measures to protect your personal information.

C. Electronic safeguards

We have adopted industry accepted security safeguards when storing or destroying personal information to prevent unauthorized access, improper use or disclosure, loss or theft or similar risks. We regularly review, test and enhance our systems.

Here’s a look at some of the electronic safeguards we use to protect your information:

  • Passwords: This prevents unauthorized access, disclosure, copying, use and modification of your personal information. You are responsible for keeping your password confidential.
  • Multi-factor authentication: This adds an extra layer of security by requiring you to confirm your identity in multiple ways. For example, we’ll ask for your password and a code sent to your email or phone.
  • Anonymization: This is a process that changes your personal information so that it can no longer be used to identify you. To learn more, review the details about when we combine data.
  • Masking: This masks some of your personal information to keep sensitive details safe while allowing some information to be used securely. For example, masking includes replacing some of the digits in a credit card number with asterisks.
  • Encryption: We make your information unreadable without a special code or key.
  • Logging and monitoring: We monitor and record activity related to the access of your accounts and personal information.

7. When we combine data

There are times when we may permanently de-identify your personal information and combine it with other anonymous information to make a collection of data. When information is de-identified, that means the data will no longer be associated with you. We may use combined de-identified information for business reasons without notifying you or needing your consent.

Here are some examples of how we would combine the data:

  • When we collect survey feedback, individual responses are pooled. This helps us perform research and studies aimed at improving our products, services, and technologies.
  • We may combine anonymized data sets to create reports, or for analysis by non-public artificial intelligence systems. These could be used for clinical research, market research, education, improvement of our systems and processes, and other related projects.
  • Benefit usage at a company is compiled in a way that preserves member privacy. This can help employers understand their organization’s health and find ways to improve wellness.

8. How long we keep your personal information

We keep your personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, or a longer period if permitted or required by law. In some cases, depending on the nature of the personal information, we may keep it indefinitely.

When we no longer need your information, we’ll securely destroy or anonymize your personal information so that it no longer identifies you. This is done in accordance with our record retention policies and practices. The following are examples of when we would destroy or anonymize personal information.

Destroying personal information

  • You participated in a survey. Once we used your feedback to improve our services, we would no longer need the information and we would destroy the data.

Anonymizing personal information

  • You provided health data as part of a wellness program. We would anonymize data to be used to help us develop new wellness services.

9. How you can withdraw your consent

You can withdraw your consent to our collection, use and disclosure of your personal information at any time, subject to legal, business or regulatory requirements, contractual obligations and reasonable notice, but if you do so, we may not be able to provide certain products or services. For example, we may be unable to assess your claim for benefits or complete the underwriting for an insurance product.

You cannot withdraw your consent if the collection, use and sharing of the information without consent is permitted or required by law, required to ensure we have correct and current information about you or necessary to manage our business and risks, or comply with legal or regulatory obligations.

If you want to withdraw your consent, contact Customer Services at 1-800-661-6995 or write to the Privacy Office at the address below.

10. How we use cookies

Cookies are small text files that collect information when you visit our website, member site or mobile applications and are automatically downloaded on your computer or mobile device. They store data that the website can use later when you come back to it.

The cookies we use do not store personal information about you and are not linked to your identity or health information.

Our websites assign each device with a different cookie for select purposes.

We use cookies to:

  • collect anonymous statistical information to help us understand how the website is used, such as which pages are visited and how long people stay
  • remember your preferences and settings to help the website load faster
  • enhance website security
  • improve websites to provide better service
  • support interest-based advertising
  • track how many people opened links in our emails
  • verify you and your device

To use our websites, your browser must be set to accept cookies because of the security features.

Our web pages may also contain electronic images known as pixels. These are clear GIF images or action tags embedded in a web page or an email and usually invisible to the individual. Pixels are used for many of the same purposes as cookies. Pixels are not used to access personal information; they allow us to compile aggregate statistics about website usage patterns, such as how many times a link or an area on a website is clicked or whether or not an email is opened. We use this information to improve user experience on the website.

11. Changes to this Privacy Policy

We may update this Privacy Policy at any time to reflect changes to our business practices or applicable laws.

Updates to this Privacy Policy will be posted on our website and any other channels where this policy appears. We may also notify you of changes by using other appropriate methods, in accordance with applicable law.

By using our website, sending us personal information or continuing to use or purchase our products or services after we post a modified version of the Privacy Policy, you accept the changes to this Privacy Policy. The date at the top of this Policy indicates when it was last updated.

12. Privacy questions or concerns

A. How you can access your personal information

You have the right to review and examine the personal information we have about you, with some legal exceptions. Upon receiving your request, we’ll provide you with access within the time period required by law. There may be fees for some requests.

You can submit a request to access your personal information by contacting us. If you authorize a third party to make a request on your behalf, you must provide us your written consent to release your personal information to the third party.

There may be limits to your right to access your information. Depending on the circumstances, we may not be able to provide you with access to all your personal information, in which case, we'll explain why and provide you with a contact person to answer your questions. We’ll also tell you how you can request a review of our decision.

We may disclose medical information that is highly sensitive to you through your physician or health care provider.

B. How to update your personal information

We rely on you to keep your personal information up to date. If you find errors or want to challenge the accuracy and completeness of your personal information, contact us as set out below.

You can update your personal information using the contact information set out below under Section D, How to contact us, or as follows.

Through your member account

If you’re an Alberta Blue Cross® member, you can update some personal information through your account. Sign in at members.ab.bluecross.ca.

With your employer

If you have a group plan, make sure your employer or third-party administrator has your updated personal information as well.

With Alberta Health

If you have an Alberta Health plan (like Coverage for Seniors or a Non-Group plan), you can update your personal information by visiting the Alberta Health website. It's important your personal information is accurate with Alberta Health so that our files remain accurate.

If your personal information cannot be updated

We'll explain why and make note of your requested correction(s). We'll also provide you with a contact person to answer your questions and provide details on how you can request a review of our decision.

C. For more information, or if you have a privacy concern

For more information about this Privacy Policy or our practices, or if you have a concern about how we handled your personal information, please contact our Privacy Office.

To report a privacy concern anonymously, submit a report through our Alberta Blue Cross® Fraud, Privacy and Ethics Reporting service.

D. How to contact us

By phone

Call our Customer Services team at 1-800-661-6995.

By email: privacy@ab.bluecross.ca

Email is not a secure way to share information. Make sure your email does not contain sensitive personal information.

By mail

Attention: Privacy
10009-108 St NW,
Edmonton, AB
T5J 3C5

Did you receive something that wasn't intended for you?

Please fill out the Document Retrieval Form to notify the Privacy Office.