Privacy Policy

1. Purpose

The purpose of this policy is to outline the way the organisation collects, uses, discloses and protects personal information.

2. Scope

This policy applies to all employees, contractors, partners and directors of the organisation and all personal information held by the organisation relating to its Canadian customers.

3. Objective

This policy aims to ensure that the organisation complies with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”). More specifically this policy will set out how the organisation will comply with the 10 principles detailed in Schedule 1 to PIPEDA, the Model Code for the Protection of Personal Information (the “Code”).

4. Policy

The organisation does not routinely collect personal information, the information it holds is largely de-identified.

This is our policy on the management, collection, security, integrity, disclosure of and access to personal information about our customers; entities that include but are not limited to individuals, companies, trusts, trustees and their assigns (‘you’) whose personal information we manage, collect, secure, disclose and correct in accordance with our reasonable business purposes.

4.1 Principle 1 – Accountability

We are committed to protecting the personal information we hold. Our customer’s trust and the security and protection of their personal information during storage or transmission is a key element of our business.

We have a Compliance Manager who is responsible for ensuring we comply with our Canadian privacy obligations. Every employee is aware of, trained on and responsible for complying with our obligations and are available to respond to any questions you may have. Contact details for our Compliance Manager and team are set out later in this policy document.

4.2 Principle 2 & 4 – Purpose of and limiting of collection

We may collect personal information directly from you and from other persons and organisations that we deal with for the purpose of performing our functions and activities and managing our risks and operations as set out below.

Purpose for collection Examples of types of information that may be collected
Verify your identity & contact information and contact you. Name, home address, telephone number(s), birth date, driver’s license details, email address, employment details.
Obtain, authenticate, verify and analyse your financial history and creditworthiness. Bank statements, bank account details, transaction histories, internet banking credentials, types of current or previous consumer credit, organisations with whom there is existing or previous consumer credit, day on which the consumer credit is entered into and terminated, default and dishonour information, court proceeding information, publicly available information.
To understand your financial needs, obligations and to respond to or assist you. Type of credit applied for, reason for credit, employment history, income and expenditure, family situation, assets and liabilities.
Provide financial analysis, identity, contact, product needs or other information relevant to our services to third parties. The third party’s name, address, telephone numbers, email address or other contact information, reason for disclosure to the third party, extent of use of information by the third party.

We will only collect information that is necessary for the purposes outlined above.

4.3 Principle 3 – Consent

We will obtain your consent to collect, use or disclose your personal information.

Such consent will be obtained expressly from you or your authorised representative at the time of collection. Your consent may also be implied where the purpose for collecting, using or disclosing is obvious and you would reasonably expect that we would have, use or disclose your personal information for that purpose.

We may also collect, use or disclose your personal information without your knowledge or consent where we are legally entitled to do so.

4.4 Principle 5 – Limiting use, disclosure and retention

We will only use and disclose your personal information for the purposes for which it was collected. We will only retain your personal information for the reasonable periods of time that are required for us to conduct our functions and activities and fulfil our legal obligations.

We will destroy your personal information upon request except where that information is required to fulfil the reasonable purposes of our business or is required to be maintained and/or stored in accordance with the law.

4.5 Principle 6 – Accuracy and data quality

We will take reasonable steps to ensure your personal information is accurate, complete and up-to-date at collection, use and disclosure.

4.6 Principle 7 – Safeguards and data security

We will take reasonable steps to ensure the security of your personal information against loss, misuse, unauthorised access, modification and disclosure.

We will take reasonable steps to ensure your personal information that is no longer needed for the purposes for which it was collected or required by legal obligations will be destroyed.

4.7 Principle 8 & 10 – Openness and challenging compliance

We aim to be transparent in our handling of your personal information. If you have any questions in relation to your personal information, would like to make a complaint or any inquiry relating to how we manage personal information, you may contact us using any of the below methods:

  • By email to [email protected]
  • By using the Complaints form on our website
  • By using the Contact Us form on our website
  • By mail to Credit Sense, Attn: Compliance Manager, 20 Bay St, WaterPark Place, 11th floor Toronto, ON M5J 2N8 Canada
  • By telephone or fax on 1 (877) 440-7696

4.8 Principle 9 – Access and correction

You can request access to and correction of your personal information that we hold by contacting us by any of the following methods:

  1. By email to [email protected]
  2. By using the Information Access and Correction form on our website
  3. By using the Contact Us form on our website
  4. By mail to The Compliance Manager, Credit Sense, 20 Bay St, WaterPark Place, 11th floor Toronto, ON M5J 2N8 Canada
  5. By telephone and fax on 1 (877) 440-7696

We will endeavour to provide you with the copies of the personal information you require or to correct your personal information within a reasonable time following receipt of your request.

If a fee will apply to supply the information, or we are permitted by law to withhold certain information, or we are unable to correct your personal information, we will advise you as soon as reasonably possible following receipt of your request for that information or correction.

4.9 Administration security

We have appointed specialist service providers for our organisation such as lawyers, document destruction contractors and external information technology contractors. These service providers are authorised to use personal information maintained by our organisation to the extent that is necessary for them to provide the contracted services. Our service providers are required to treat that information in the strictest confidence in accordance with confidentiality provisions in our agreements with the service providers and otherwise in accordance with the law.

4.10 Website access and use

Cookies may be used by us to collect information including IP addresses about people from our website. There are many aspects of the site that can be viewed without providing personal information, however, for access to future Credit Sense customer support features you are required to submit personally identifiable information. Cookies allow us to determine who has seen particular pages on our website and how frequently. This can help us to identify your preferences and allow us to recommend content we believe you’d be most interested in or would be most relevant to you.

For each visitor to reach the site, we expressly collect the following non-personally identifiable information, including but not limited to browser type, version and language, operating system, pages viewed while browsing the site, page access times and referring website address. This collected information is used solely internally for the purpose of gauging visitor traffic, trends and delivering personalised content to you while you are at this site.

From time to time, we may use customer information for new, unanticipated uses not previously disclosed in our privacy notice. If our information practices change at some time in the future we will use data collected from the time of the policy change for these new purposes only.

5. Roles and Responsibilities

The Compliance Department is responsible for the management of this policy.

6. Monitoring, Evaluation and Review

The Privacy Policy is reviewed annually and audited in line with the Organisations Information Security Management System and Risk Management Framework Policy.

7. Definitions and Abbreviations

“Customers” – entities that include but are not limited to individuals, companies, trusts, trustees and their assigns who enter into agreements with the organisation to provide services to enable entities

“Personal information” – is as defined in PIPEDA “information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organisation”

“Organisation”, “We” – Credit Sense Online Inc. and its parents and subsidiaries

“Business” – the functions and activities of the organisation