Effective Date: December 7, 2025
As an insurance agent licensed by the Financial Services Regulatory Authority of Ontario (FSRA), I, Mikkell K Khan, am committed to protecting your privacy in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s Anti-Spam Legislation (CASL), and FSRA’s Principles of Conduct for Insurance Intermediaries. This policy outlines how I collect, use, disclose, and safeguard your personal information when you interact with my website (https://mikkellkhan.com), lead generation forms, emails, or services related to accident, sickness, hospitalization, disability, and income protection insurance products from Combined Insurance Company of America (a Chubb Company).
Our website address is: https://mikkellkhan.com.
Who We Are
Mikkell K Khan is an independent insurance agent specializing in income protection solutions for Ontario residents. I collect personal information to provide personalized advice, process inquiries, and facilitate insurance applications. All data handling adheres to PIPEDA’s 10 fair information principles: accountability, identifying purposes, consent, limiting collection, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access, and challenging compliance.
What Personal Data We Collect and Why We Collect It
I collect only the personal information necessary to identify your insurance needs, assess eligibility, and provide services. This is limited to what is required under FSRA guidelines for fair dealing and suitability assessments.
Types of Data Collected
- Contact Information: Name, email, phone number (from lead forms, comments, or inquiries) – to send free resources (e.g., income calculators, PDFs) and follow up on requests.
- Demographic/Financial Data: Age/date of birth, height/weight, employment status, income estimates (voluntarily provided via calculators or eligibility quizzes) – to estimate coverage gaps and eligibility for products like Disability Insurance or Income Guard Insurance.
- Health/Insurance History: Responses to health questions (e.g., medical conditions, treatments) if shared during consultations – solely for quoting purposes, with explicit consent.
- Technical Data: IP address, browser user agent (for spam detection on comments/forms).
- Analytics Data: Site usage (anonymized via tools like Google Analytics) – to improve user experience.
Purposes for Collection
- Provide free tools (e.g., income gap calculator) and educational resources (e.g., “6 Ontario Ways” PDF).
- Assess insurance suitability and generate quotes.
- Communicate via email/SMS (e.g., follow-ups, tips) under CASL consent.
- Comply with FSRA record-keeping for client files (up to 7 years post-transaction).
Collection is always with informed consent (e.g., via form opt-ins). I limit it to what’s needed and do not collect sensitive data without explicit purpose.
Comments
When visitors leave comments, I collect the data shown in the form, plus IP address and browser user agent for spam detection. An anonymized email hash may be shared with Gravatar (privacy policy: https://automattic.com/privacy/). Approved comments make your profile picture public.
Media
Images you upload should not include EXIF GPS location data; if it is present, other visitors can extract it.
Contact Forms & Lead Generation
Forms collect name, email, phone, and optional demographics for free resources. Consent is obtained via checkboxes: “I consent to receive emails/SMS with my tools and tips (unsubscribe anytime).” Data is used only for the stated purpose; no sharing without consent.
Cookies
- Comment opt-in saves name/email/website in cookies (1 year).
- Login page temporary cookie (discarded on close).
- Login cookies (2 days; 2 weeks with “Remember Me”).
- Screen options cookies (1 year); post edit cookie (1 day).
You can manage cookies via browser settings.
Embedded Content
Embedded videos/images from third parties (e.g., YouTube) may track interactions if you’re logged in there.
Analytics
Anonymized usage data via Google Analytics (privacy: https://policies.google.com/privacy) to optimize the site. No personal identifiers shared.
Who We Share Your Data With
- Insurers: With consent, to Combined/Chubb for quotes/applications (they adhere to PIPEDA).
- Service Providers: Email tools (e.g., Brevo) or analytics (Google) under strict agreements; no selling data.
- Legal/Regulatory: FSRA, courts, or law enforcement if required (e.g., audits).
- Business Transactions: In mergers, data may transfer under protective agreements.
No sharing with third parties for marketing without explicit consent. If you request a password reset, your IP address is included in the reset email.
How Long We Retain Your Data
- Comments/metadata: Indefinitely for moderation.
- User profiles: Until deleted by you.
- Lead/Inquiry Data: Up to 7 years for FSRA compliance, then securely destroyed.
- Health/Financial Data: Only as long as needed for the purpose (e.g., 2 years for inactive leads), then anonymized/deleted.
Retention aligns with PIPEDA’s limiting principle.
What Rights You Have Over Your Data
Under PIPEDA and FSRA:
- Access: Request a copy of your data (free, within 30 days).
- Correction: Update inaccurate info.
- Withdrawal of Consent: Revoke anytime; affects future processing.
- Deletion: Erase data (except legal obligations).
- Portability: Export in structured format.
Email mikkell@mikkellkhan.com to exercise rights. I appoint myself as Privacy Officer for accountability.
Where We Send Your Data
- Servers in Canada/U.S. (protected by agreements).
- Comments checked via spam tools (e.g., Akismet).
How We Protect Your Data
- Encryption (HTTPS, secure forms).
- Access controls (passwords, firewalls).
- Employee training on FSRA privacy principles.
- Breach detection: Notify you/OPC/FSRA if risk of harm (per PIPEDA mandatory reporting).
What Data Breach Procedures We Have in Place
- Assess breaches within 24 hours.
- Report to Privacy Commissioner/FSRA if significant risk.
- Notify affected individuals promptly.
- Maintain 2-year records of all breaches.
What Third Parties We Receive Data From
- None routinely; only if you provide (e.g., social logins).
What Automated Decision-Making and/or Profiling We Do
- Calculators use basic algorithms for gap estimates (no sole automated decisions; human review for quotes).
- No profiling for marketing.
Industry Regulatory Disclosure Requirements
As an FSRA-licensed agent (License # [Insert if available]), I comply with:
- FSRA Principles: Collect/retain only necessary data; protect confidential info; obtain consent for use/disclosure.
- CASL: Emails/SMS require express/implied consent; unsubscribe links in every message.
- PHIPA: If health data collected, treated as personal health information with heightened safeguards (Ontario-specific).
Violations reportable to FSRA/Privacy Commissioner. Complaints: Contact me first, then FSRA (1-800-668-0128) or OPC (1-800-282-1376).
Your Contact Information
Questions? Email mikkell@mikkellkhan.com or call (647) 770-1030.
Changes to This Policy
Updated annually or as required. Check back for revisions.
