DUCA Financial Services Credit Union Ltd. ("us", "our" and "we") are committed to protecting and maintaining the confidentiality of the personal, financial and other details (the "Personal Information") that we obtain from and about our members.
- why we collect member information,
- what information we collect from members,
- who we disclose member information to,
- how we protect member information,
- accessing, updating and removing your Personal Information, and
- providing or withdrawing your consent to our collection, use or disclosure of your Personal
1. Why we collect, use and disclose your Personal Information.
We only collect the Personal information that is necessary for us to:
- Serve you: we collect the Personal Information that we require to serve you as a member, including to:
- verify your identity;
- evaluate and process your applications, claims, accounts, transactions and reports;
- provide you with ongoing service;
- analyze your financial needs and activities;
- recommend products and services to you;
- contact you regarding your subscribed products and service;
- help protect you and us against fraud and error; and
- comply with applicable laws and regulatory requirements.
- Administer our business:
- we collect the Personal Information that we require to administer our business, including to:
- help protect you and us against fraud and error;
- manage and asses our risks, operations and relationship with you;
- improve and develop products and services to meet your needs; and
- comply with applicable laws and regulatory requirements.
If we need to collect Personal Information for any other reason, we will identify that purpose.
We will inform you of the purpose for which we are collecting your Personal Information when you apply for any of our products or services. If a new purpose for using or disclosing your Personal Information develops, we will ask you for your consent. We will only use or disclose your Personal Information for the reason(s) it was collected.
2. What Personal Information we collect.
- Information that you provide. When you enquire about or use our products and services we may need you to provide us with Personal Information. Personal Information that we may collect from you includes:
- Identification information: at the beginning of and during the course of our relationship we will collect your name, address, phone number, email address, date of birth, citizenship and occupation.
- Social Insurance Number: if you request products or services that may generate interest or other investment income, we will ask for your Social Insurance Number for revenue reporting purposes in order to comply with the Income Tax Act (Canada). We may also ask for your Social Insurance Number to aid in identifying you – in such cases the provision of your social insurance number to us is optional.
- Credit information: if you apply for a credit card, line of credit, loan, mortgage or other credit facility, or a deposit account with overdraft protection, hold and/or withdrawal or transaction limits, we will obtain information and reports about you from credit reporting agencies and other lenders at the time of and during the application process, and on an ongoing basis to review and verify your creditworthiness and/or establish credit and hold limits.
- Financial information: we may ask you to provide us with financial information about yourself in order to ensure that the advice we give is appropriate for you and/or the investments you purchase are suitable for your circumstances.
- Health information: if you apply for, request pre-screening for or make a claim under an insurance product that we insure, reinsure, administer or sell, we may, if necessary, collect, use, disclose and retain health-related Personal Information about you. We may collect this information from you or any health care professional, medically-related facility, insurance company or other person who has knowledge of your Information. We may also obtain a personal investigation report. We may use this information to ensure that you are eligible for insurance coverage, to administer your insurance, to investigate and adjudicate your claims and to help manage and asses our risks.
- Marketing: we may contact you to better understand your financial needs and activities so that we may tell you about other products and services that may be of interest to you; to determine your eligibility to participate in contests, surveys and promotions; to conduct research and surveys to assess your satisfaction with us as a member; and to develop products and services to meet your needs.
- Your relationship with us: we will collect information arising from your relationship with and through us and your use of our products and services. For example, we will maintain a record of your account balance(s), transaction history and payment history. As well, when you send us an e-mail, speak with one of our telephone service representatives, communicate with us in person or through any other means, we may monitor, record and retain those communications for our mutual protection and in order to process your inquiries, respond to your requests and improve our services.
- Information collected via cookies. When you visit our website we may use a cookie to track information about your browser's activities and to provide you with better services and features on our website. The types of cookies that we may use are "session cookies" and "persistent cookies".
- Session cookies: Session cookies store information only for the length of time that you are connected to a website – they are not written onto your hard drive. Once you leave the website, they expire and are no longer active. We use session cookies to record certain information from your browser including your Internet Protocol (IP) address, browser type, internet service provider (ISP), referring or exit pages, operating system and the dates and times that you visit our website. Additionally, we may record certain information regarding your use of features on our website. Session cookies allow us to gather statistical data which provides insight into how we may improve our products and services and to identify your current session to our web server.
- Persistent cookies: Persistent cookies store information on your hard drive and can be re-read when you return to the site that placed them on your hard drive. We use persistent cookies to help us verify you as our client, to remember your preferences, and to help block unauthorized attempts to access your Personal Information.
- Location information. We may collect and store information about your location if you enable your computer or mobile device to send us location information. You may be able to change the settings on your computer or mobile device to prevent it from providing us with such information.
- Information from other sources. Where it is necessary, we may collect Personal Information about you from third parties, including from:
- government agencies and registries, law enforcement authorities and public records;
- credit reporting agencies;
- other financial institutions;
- other service providers, agents and other organizations with whom you make arrangements;
- employers and personal references you have provided; and
- persons authorized to act on your behalf under a power of attorney or other legal authority.
When we obtain Personal Information from a third party we will record the source of that information.
3. Who we disclose your Personal Information to.
We will only use or disclose your Personal Information for the reason(s) it was collected.
If we disclose Personal Information for a non-routine purpose, we will keep a record of what, when, why and to whom such information was released.
- Our subsidiaries or affiliates. We may share your Personal Information, other than your health information (which may be collected in conjunction with or as part of your purchase of insurance products), with our subsidiaries or affiliates (the "DUCA group") for legal and regulatory purposes, to manage credit risk and other business risks, to perform analytics, to ensure that we have correct and up to date information about you and to the extent necessary if you have requested a product or service that is jointly offered by more than one member of the DUCA Group.
- Suppliers. We may use other companies to provide services on our behalf. These companies will only be given the information needed to perform those services. We have contracts in place holding these companies to the same standards of confidentiality by which we are governed. Our suppliers may perform activities outside of Canada. As a result, your information may be securely used, stored or accessed in other countries and may be subject to the laws of those countries. These companies may be required to disclose your Personal Information in response to valid demands or requests from governments, regulators, courts and law enforcement authorities in those jurisdictions or countries.
- Third parties. We may share your Personal Information with third parties in order to allow us to evaluate and process your applications and to allow such third parties to properly answer questions when providing us with information about you. Depending on the product or service that you request or subscribe for, we may share your Personal Information with government agencies and registries, law enforcement authorities and public records, health-care professionals, medically-related facilities, insurance companies, credit reporting agencies, other financial institutions or other persons who have knowledge of your Personal Information.
- Merger or sale. In the event that we are acquired by or merged with a third-party entity, or if we sell a part of the our business, we reserve the right to transfer or assign the Personal Information that we have collected from you as part of such merger, sale or other change of control.
- Where required by law. We may disclose your Personal Information if we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, self-regulation, legal process or enforceable governmental request. When we provide information in response to a legal inquiry or order that we believe to be valid, we disclose only the information that is legally required. Note that we may process your Personal Information on our servers in Ontario, Canada and in other countries as may be necessary. In such cases your Personal Information may be disclosed in response to valid demands or requests from governments, regulators, courts or law enforcement authorities in those jurisdictions or countries.
- Protection of our interests. We may also disclose your Personal Information if we believe, in good faith, that it is appropriate or necessary to take precautions against liability; to help us collect a debt or enforce an obligation owed to us by you; to protect against fraudulent, abusive, or unlawful uses; to investigate and defend ourselves against any third-party claims or allegations; to assist government enforcement agencies; to protect the security or integrity of our products and services; or to protect the rights, property, or personal safety of our customers, employees or others.
- Consent. We may disclose your Personal Information where you have authorized us to do so. For example, we may share your information with those that you share ownership or liability of a product or service and, if you authorize us, we may provide your information to your lawyer, accountant or others people or entities that you have identified.
4. How we protect your Personal Information.
- Security processes. We make commercially reasonable efforts to safeguard your Personal Information from loss or theft, unauthorized access, disclosure, duplication, use or modification through security measures appropriate to the sensitivity of the information. These measures include internal reviews of our data collection, storage and processing practices and security measures which include appropriate encryption and physical security measures to guard against unauthorized access to systems where we store Personal Information.
- Password. Your account and Personal Information is protected by a password for your privacy and security. Your password and other access codes are private and confidential - our employees cannot gain access to them and will not ask you to reveal them. It is your responsibility to use your best efforts to prevent unauthorized access to your account and Personal Information by selecting your password appropriately, and limiting unauthorized access to your computer, browser and mobile platform.
5. Accessing, updating and removing your Personal Information.
- Accessing your Personal Information. We make good faith efforts to provide you with access to your Personal Information. You may review or verify your Personal Information by reviewing your account statements or passbook updates, by visiting the branch or office where your account is held, or by accessing your account through our online or mobile banking platform. If you would like to find out to whom we have disclosed your Personal Information, you may contact the branch or office where your account is held. In most provinces you have the right to access and verify the Personal Information held about you by credit bureaus. We will provide you with the name and location of any credit bureau that has provided us with a report on you. If you require other information, simply contact or forward a written request to the branch or office where your account is held along with your account number and the information requested to be accessed and we will attempt to satisfy your request within a reasonable period of time. We may be unable to provide information about you from our records which contains references to other persons, is subject to legal privilege, contains confidential information proprietary to us, relates to an investigation of a breach of agreement or contravention of laws, or cannot be disclosed for other legal reasons. If we are unable to provide some of the Personal Information we hold about you, we will let you know the reason(s) why, subject to any legal or regulatory restrictions.
- Updating your Personal Information. We take care to keep your Personal Information as accurate, complete and up-to-date as is necessary for the purposes for which it was collect. We do, however, rely on you to tell us when your Personal Information changes. Most of your Personal Information may be updated by visiting the branch or office where your account is held, or by accessing your account through our online or mobile banking platform. If you find any errors in our information about you, please let us know. If we do not agree with your request to change your Personal Information, we will make a record of your request and, if necessary, disclose it to third parties who also possess your Personal Information. If we agree with your request, we will make the correction(s) as soon as reasonably possible, and make sure they are conveyed to anyone we may have misinformed.
- Retention of your Personal Information. We retain your Personal Information only as long as it is required for the reason(s) that it was collected. This length of time will vary depending on the product or service and the nature of the information and may extend beyond the end of your relationship with us. When your information is no longer needed for the purpose for which it was collected, we will destroy, delete, erase or convert it to an anonymous form.
- Fees for access and correction. In any case where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. We will advise you of any applicable fee prior to proceeding with your request.
6. Providing or withdrawing your consent.
We will obtain your consent before collecting, using or disclosing your Personal Information, except where permitted or required by law. Depending on the situation and the sensitivity of the information, we may obtain your consent in different ways. Express consent may be obtained verbally, electronically or in writing from you or your authorized representative (such as a legal guardian or attorney appointed pursuant to a power of attorney). Implied consent may be obtained through your use or continued use of a product or service, or when you approach us to obtain information, inquire about or apply for products or services from us.
You may withdraw your consent provided that: you provide reasonable notice; we are not legally required to collect, use or disclose your information; withdrawing your consent does not impede our ability to fulfill your contract with us; and your consent does not relate to a credit or insurance product we have granted you where we are required to collect and exchange your Personal Information on an ongoing basis after credit has been granted, an application has been underwritten or a claim has been adjudicated. You may withdraw your consent by contacting the branch or office where your account is held or by calling us at 1 (866) 900-DUCA (3822). Our staff will be pleased to explain your options and any consequences of refusing or withdrawing your consent, and record your choices.
Several of the privacy preferences available to you, subject to legal, business or contractual requirements, are outlined below.
- Direct marketing. During the registration process for our products or services, you will be asked to indicate whether you consent to receiving information that may be of interest to you through various channels including direct mail, telephone, electronic or other means. This does not include messages or other information about promotional offers we provide on, or enclose with, your written or electronic account statements, or that we may discuss while talking with you. You may opt out of receiving such communications from us at any time by clicking on the "unsubscribe" link in any such electronic messages, by making a modification on your account settings page or by contacting us. Any marketing campaigns that are already underway may not immediately take your preferences into account.
- Sharing with our subsidiaries or affiliates. We may share your Personal Information with our subsidiaries or affiliates (the “DUCA group”) for: fraud or crime prevention, suppression or detection; to meet regulatory, legal or reporting requirements; to manage credit risk and other business risks; to perform analytics; to ensure that we have correct and up to date information about you; and to the extent necessary if you have requested a product or service that is jointly offered by more than one member of the DUCA Group. You may not withdraw consent for this sharing. We may also share your information to better manage your total relationship with the DUCA group and enable other members of the DUCA group to bring suitable products and services to your attention. We may share your information within the DUCA group for these purposes unless prohibited by law or you tell us not to.
- Social Insurance Number. We are required by law to ask for your Social Insurance Number when you apply for a product that earns income. We may also ask for your Social Insurance Number to aid in identifying you – in such cases the provision of your social insurance number to us is optional. Note, however, that use of your Social Insurance Number is the best way to verify that information received from credit bureaus pertains to you – wrong information could lead us to draw wrong conclusions about you.
- Credit bureaus. In order to provide a credit product or service to you, we must obtain your consent to exchange information about you with credit bureaus. Once you have a credit product with us, we will share your credit experience on an ongoing basis with other lenders and credit reporting agencies. You cannot withdraw your consent for this sharing of information as it is necessary to support the credit process.
- Insurance Services Bureau and Medical Information Bureau. In order to provide an insurance product or service to you, we must obtain your consent to exchange information about you with the Insurance Services Bureau and the Medical Information Bureau. Once you have an insurance product with us, we will share your claims and insurance history with the Insurance Services Bureau and Medical Information Bureau. You cannot withdraw your consent for this sharing of information as it is necessary to support the data integrity of the insurance industry and the underwriting record.
- Program partners. We may share Personal Information with program partners and our suppliers, agents and other organizations that perform services for us or on our behalf to the extent necessary to provide and administer the products and services that you have with us. If you withdraw your consent for this sharing, we may not be able to provide you with the relevant product or service.
7. Complaints and questions
You may also contact us if you have any questions regarding decisions made about you. In such cases we will tell you the reasons for those decisions and, if we relied on information from a third party such as a credit bureau to make the decision, we will provide you with the name and address of the third party.
If you are not satisfied with our response to your inquiries, you may contact the Office of the Privacy Commissioner of Canada:
Mail: The Office of the Privacy Commissioner of Canada, 112 Kent Street, 3rd Floor Ottawa, ON K1A 1H3
Office of the Privacy Commissioner of Canada website.
Last Revised: July 17, 2013
A member can contact the Privacy Officer by email at email@example.com or mail at:
DUCA Financial Services Credit Union Ltd.
5290 Yonge Street
Toronto, ON M2N 5P9
Attention: Privacy Officer