Table of Contents
- The PFS Commitment to Privacy
- Why we ask for your information
- How we obtain your consent
- Why we share your information
- Why we ask others for information about you
- When we release your information
- How we protect your information
- Your right to access your information
- Keeping your information accurate
The PFS commitment to privacy
Protecting your privacy and the confidentiality of your personal information has always been fundamental to the way we do business within PFS. We strive to provide you with the best customer service. To us, that includes treating you fairly and with respect.The PFS Privacy Code informs you of our policy on privacy, and tells you about the ways we help ensure that your privacy and the confidentiality of your information are protected.
- Collecting and using information
Either before or when we collect information about you, we will explain how we intend to use it. We will limit the information we collect to what we need for those purposes, and we will use it only for those purposes. We will obtain your consent if we wish to use your information for any other purpose and before collecting information from third parties such as credit bureaus.Your personal financial information is used to help us manage operations and risk within PFS. Your information is also used in order to satisfy valid information requests from regulators and other organizations or individuals who are legally entitled to make such requests.We may monitor and/or record your telephone discussions with our representatives for our mutual protection, to enhance customer service, and to confirm our discussions with you.We will tell you in advance if we record your telephone discussions with us.
- Releasing information
We may provide your information to other persons in situations when
- we have your consent
- the other parties are our suppliers or agents who assist us in serving you
- we are required or permitted to do so by law or applicable regulators and self-regulatory organizations
- transfers of a business are involved
- Protecting information
We will protect your information with appropriate safeguards and security measures. We will retain your information only for the time it is required for the purposes we explain.
- Providing information access and accuracy
We will give you access to the information we retain about you. We will make every reasonable effort to keep your information accurate and up-to-date.
- Respecting and responding to your privacy concerns
We will explain your options for refusing or withdrawing consent to the collection, use and release of your information, and we will record and respect your choices. We will investigate and respond to your concerns about any aspect of our handling of your information. In the PFS Privacy Code, we will explain how we fulfill each of these important principles.
- Collecting and using information
Why we ask for your information
We ask you for information to establish and serve you as our customer.At the time you begin a relationship with us and during the course of our relationship, we may collect information about you. We obtain most of our information about you directly from you. The information we ask for depends on which product or service you want. For every product or service, we need your name, address, birth date, occupation and some identification. Here is why we need some of the other information we ask you to provide.
- Birth date - This helps us identify you and ensure that no one is trying to impersonate you. We may also use it to determine your eligibility for products and services that may be of benefit to a particular age group.
- Social Insurance Number (SIN) - Providing your SIN for credit products is optional. If you provide your SIN, we also use it to keep your information separate from that of other customers with a similar name, including information we obtain with your consent through the credit approval process.
- Employer name and address - This is required when a new account is opened or when you apply for credit in order to comply with anti-money laundering regulations.
- Financial information - This is used to assess your eligibility for any credit or other loan.We only collect the information we need and only use it for the purposes explained to you.When you apply for a new product or service, we will indicate in the application or agreement how we intend to use your information. We will only ask for the information we need for that particular product or service. We will indicate clearly which information would help us to serve you but is optional for you to provide.
How we obtain your consent
It is important to understand the different ways that we may obtain your consent to collect, use, disclose and share your personal information. Depending on the situation and the sensitivity of the information, we may obtain your consent in different ways. Express consent may be obtained verbally, online or in writing. Implied consent may be obtained through your use of a product, or when you approach us to obtain products or services from us.We will not make your consent a condition of obtaining a product or service, unless it is reasonably or legally required, and we will clearly indicate when this is the case.
Why we ask others for information about you
With your consent, we may obtain information about you from third parties, including credit reporting agencies.Obtaining additional information about you from parties outside PFS helps us assess your eligibility for our products.For loans, for example, we need to know your creditworthiness. For this reason, we may contact other lenders or credit reporting agencies to get information about you and your credit history. We may also contact employers or other personal references to verify information that you have given us. We will not do this without your consent, but please remember that if you do not give your consent we may not be able to extend lease or loan products to you.
When we release your information
We do not sell or rent customer lists or personal information to others. However, we may release your information to parties outside PFS in certain circumstances, which include:
- With your consent - We release only the information required to identify you, as well as facts from our credit records about your repayment history.For servicing purposes - We give a limited amount of information, only as necessary, without your consent, to our suppliers and agents. These suppliers and agents may be located in Canada or other jurisdictions or countries, and may disclose information in response to valid demands or requests from governments, regulators, courts and law enforcement authorities in those jurisdictions or countries.
- When required or permitted to do so by law or applicable regulators and self-regulatory organizations - We may release information in response to a search warrant, court order, or other demand or enquiry which we believe to be valid. This may include requests from regulators, including self-regulators, who are responsible for ensuring PFS is in compliance with applicable regulations. We may disclose information to help us collect a debt owed to us by you. We may also disclose information to an investigative body in the case of a breach of agreement or contravention of law. This helps prevent fraud, money laundering or other criminal activity.
- Transfers of a business - As PFS continues to develop and grow, we may buy or sell parts of our businesses. As our businesses consist primarily of our customer relationships, personal customer information and information regarding the particular account or service being purchased or sold would generally be one of the transferred business assets.
How we protect your information
We will protect your information with appropriate safeguards and security measures. We have security standards to protect our systems and your information against unauthorized access and use. All our suppliers and agents, as part of their contracts with PFS, are bound to maintain your confidentiality and may not use the information for any unauthorized purpose. When we provide information in response to a legal inquiry or order, we ensure that the order is valid and we disclose only the information that is legally required.All employees of PFS are familiar with the procedures that must be taken to safeguard customer information. It is specified in our employment agreements and regularly confirmed in on-going training.We retain your information only as long as it is required for the reasons it was collected. The length of time we retain information varies depending on the product or service and the nature of the information. This period may extend beyond the end of your relationship with us but only for so long as it is necessary for us to have sufficient information to respond to any issue that may arise at a later date. When your information is no longer needed for the purposes explained to you, we have procedures to destroy, delete, erase or convert it to an anonymous form.
Your right to access your information
We will give you access to the information we have about you. If requested, we will assist you in making your request. Most of this information is in the form of your transaction records. These are available to you through your account statements.If you require other information, simply contact or forward a written request to us. We will advise you in advance if a minimal charge will be required for conducting the search, and we will respond to your request within 30 business days.Please note that we may not be able to provide information about you from our records which contains references to other persons, is subject to legal privilege, contains confidential information proprietary to PFS, relates to an investigation of a breach of agreement or contravention of laws, or cannot be disclosed for other legal reasons.If you have any questions regarding decisions made about you, we will tell you the reasons for those decisions. Where relevant, we will provide you with the name and address of the credit bureau from which a report was obtained to validate.
Keeping your information accurate and safe as we interact
We will make every reasonable effort to keep your information accurate and up-to-date.Having accurate information about you enables us to give you the best possible service and minimize the possibility that out of date information may be used to make a decision which impacts you.We have policies and procedures to help us maintain the accuracy of your information. For most updates, we rely on you for information. You can help by keeping us informed of any changes, such as if you move or change e-mail address or telephone numbers. If you find any errors in our information about you, let us know and we will make the corrections immediately, and make sure they are conveyed to anyone we may have misinformed.Email comments, questions or responses.When you send us an email or when you ask us to respond to you by email, we learn your exact email address and any information you have included in the email.We use your email address to acknowledge your comments and/or reply to your questions, and we will store your communication and our reply in case we correspond further. We will not sell your email address to anyone outside PFS. We may use your email address to send you information about offers on products and services that we believe may be of interest to you. If you don't want us to contact you by email with offers on products and services, you may tell us so at any time.If you have asked us to put you on an email mailing list to provide you with certain information on a regular basis, or if we send you information about our offers on products and services by email, you may ask us to remove you from the list at any time (using the unsubscribe instructions provided with each email and on the site where you signed up).Remember that email sent over the Internet is generally unencrypted. If PFS requests that you transmit confidential information to us over the Internet when filling out an application online, we ensure that such transmission is encrypted. We recommend that you use caution when forwarding free-format email messages to us and that you do not include confidential information (such as account numbers) in those messages, as they are not encrypted.Important Information About Preventing Email Fraud: From time to time, fraudulent emails may be circulated to you claiming to have been issued by us, requesting customers to verify their personal. Customers are often asked to click on a link in the email that directs them to a pop-up window or modified online banking login page to enter their respective login ID and password.We will never send email messages to customers requesting confidential information such as passwords or account numbers. Please do not act on any such emails as you may compromise your personal information by following links to a counterfeit Internet site(s).
Introduction and Application
The Personal Information Protection and Electronic Documents Act (“PIPEDA”) regulates the way private sector organizations collect, use and disclose personal information. PFS collects, uses and/or discloses personal information from clients other than information that is publicly available in the course of its commercial activities, it must comply with PIPEDA.PIPEDA only applies to personal information collected from clients who are individuals.“Personal Information” is defined as information about an "identifiable individual". This includes but is not limited to such things as age, income, home address and phone number. It does not cover other general contact information such as name, title, business address, business phone number. Information that PFS collects from you is subject to the requirements of PIPEDA.This Policy has been prepared with this objective in mind as well as by considering the following ten privacy principles:
Principle 1 – Accountability - PFS is responsible for personal information under its control.
Principle 2 – Identifying Purposes - The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
Principle 3 – Consent - The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
Principle 4 – Limiting Collection - The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
Principle 5 – Limiting Use, Disclosure, and Retention - Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
Principle 6 – Accuracy - Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Principle 7 – Safeguards - Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
Principle 8 – Openness - An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
Principle 9 – Individual Access - Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Principle 10 – Challenging Compliance - An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.
The Need for Personal Information
PFS collects Personal Information from clients to meet certain regulatory requirements or credit approval requirements. This information will necessarily include personal information about clients. From time to time, PFS may be required to collect information from a third party. The credit bureau is an example of a third party who may provide information about a client to PFS. Examples of Personal Information collected by PFS include but are not limited to:
Name, mailing address and phone number;
- Social Insurance Number;
- Banking information;
- Date of birth;
Collection, Use and Disclosure of Personal Information
PFS will collect only the personal information necessary and where necessary to fulfil regulatory or legal obligations. PFS may collect personal information about individuals other than clients in accordance with the provisions of PIPEDA. For credit applications the credit application contains the necessary language with respect to consent. When PFS collects personal information about individuals directly from them, except in situations when their consent to the collection is deemed, PFS will advise them of the purpose for which the information is collected. When PFS collects, uses or discloses personal information, it will make reasonable efforts to ensure that the information is accurate and complete. PIPEDA also allows PFS, for legal or business purposes, to retain personal information for as long as is reasonable, but also imposes obligations upon PFS to ensure that procedures are in place to destroy the personal information when it is no longer required.
Security of Personal Information
Client information must be protected by security safeguards appropriate to the sensitivity of the information. The security safeguards protect client information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. PFS requires that all confidential information be maintained in their designated secured areas or electronic databases. Some examples of protection include the following:
- Physical measures (e.g., locked filing cabinets and restricted access to offices)
- Organizational measures (e.g., limiting access on a “need-to-know” basis)
- Technological measures (e.g., the use of passwords and encryption)
Requests for Access to Personal Information
All clients have a right to access specific information about policies and procedures relating to the management of client information. The type of information available includes the following:
- The name or title, and the address, of the person who is accountable for the organization’s policies and practices and to whom complaints or inquiries can be forwarded.
- The means of gaining access to personal information held by the organization.
- A description of the type of personal information held by the organization, including a general account of its use.
- Information that explains PFS’s policies, standards, or codes.
Upon request, a client shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. A client is able to challenge the accuracy and completeness of the information collected and have it amended as appropriate. In providing an account about an individual, PFS is obligated to be as specific as possible about third parties to which client information has been disclosed. When it is not possible to provide a specific list of the applicable organizations, PFS must provide a list of likely organizations to which it may have disclosed information about the client within a reasonable time and at minimal cost.
Restricting Access to Personal Information
An individual’s ability to access his or her personal information is not absolute. PIPEDA provides that personal information may not be able to provide access to all the personal information it holds about an individual. Exceptions to the access requirement should be limited and specific. The reasons for denying access should be provided to the individual upon request. Exceptions may include:
- Information that is prohibitively costly to provide;
- Information that contains references to other individuals;
- Information that cannot be disclosed for legal, security, or commercial proprietary reasons; and
- Information that is subject to solicitor-client or litigation privilege.
Requests for Correction of Personal Information
An individual may also submit a written request to correct errors or omissions in their personal information. When provided with a written request, PFS will:
- Correct the personal information and, if reasonable to do so, send correction notifications to any other organizations to whom the information is disclosed; or
- Decide not to correct the personal information but annotate the personal information that a correction was requested but not made.