Effective date: April 2024
Last revised date: January 2024
1. Scope
2. Objectives
3. Definitions
4. Privacy Obligations
5. Accountability
6. Consent
7. Consent Withdrawal
8. Collection and use
9. Disclosure of Personal Information Outside of MCAN
10. Sharing Personal Information
11. Keeping Personal Information Accurate
12. Safeguarding of Personal Information
13. Third-Party Links
14. Children’s Guidelines
15. Retention of Personal Information
16. Access and Rectification Rights
17. Cookies and other tracking technologies
18. Updates to Policy
19. Contact – Questions or Concerns
This Privacy Policy (“Policy”) applies to all personal information that is collected by MCAN Financial Group and its subsidiaries (“MCAN”) about an identifiable individual, which includes clients and individuals associated with its clients (“Individual”), through MCAN website https://mcanfinancial.com/ (the “Site”), and by any other lawful and applicable means. The Policy applies to all past, current and prospective Individuals as applicable.
MCAN must comply with this Policy with respect to any personal information in the possession or control of MCAN and/or its subsidiaries. References throughout this Policy to “we”, “our”, and “us” refers to MCAN.
MCAN is committed to fairly and lawfully collecting and maintaining accurate personal information and to protecting the confidentiality of all personal information that we collect, retain, use or disclose to others in the course of our business activities.
Protecting Individuals privacy and the confidentiality of personal information has always been fundamental to the way we do business at MCAN. We collect, use, and disclose personal information only in compliance with applicable privacy legislation, and strive to exceed all the privacy standards established by the federal, provincial, and industry authorities in all our dealings with Individuals.
This Policy is designed to explain to you what personal information MCAN collects about Individuals, and the use to which MCAN puts that information. This Policy will also explain how the personal information is kept secure from inappropriate disclosure or use.
“personal information” means information about an identifiable individual, enabling to identify directly or indirectly that individual. It includes, without limitation, an individual’s name, residential address and telephone number, e-mail address, age and gender, personal financial records, identification numbers including their Social Insurance Number (SIN), personal health information, and personal references.
Some personal information may be considered more sensitive than other information. Sensitivity is often determined based on the expectation of the individual and/or the context of the information. Examples of sensitive information include Social Insurance Numbers, credit files, identification documents, financial account numbers, and employee financial and non-financial records.
The Personal Information Protection and Electronic Documents Act (PIPEDA), and the substantially similar provincial legislation (currently in British Columbia, Alberta and Quebec), are generally based on 10 principles, to which MCAN must adhere. These practices will provide the necessary assurances that personal information obtained and utilized by MCAN will be accurate, held in confidence and be retained in a secure environment.
The main compliance obligations under PIPEDA include the following privacy principles:
• Accountability
• Identifying purpose
• Consent
• Limiting Collection
• Limiting use, disclosure and retention
• Accuracy
• Safeguards
• Openness
• Individual access
• Challenging compliance
A Privacy Officer has been designated by MCAN to be responsible for compliance with PIPEDA and the provincial privacy legislation (“Applicable Privacy Laws”). Accountability for the organization’s compliance with the principles rests with the designated Privacy Officer, even though other individuals within the organization may be responsible for the day-to-day collection and processing of personal information. In addition, other individuals within the organization may be delegated to act on behalf of the Privacy Officer.
See section “Contact – Questions or Concerns” for contact details of our Privacy Officer
We will obtain consent to collect, use or disclose personal information unless we are permitted or required by law to collect, use or disclose personal information without consent. Consent may be given orally, in writing, or electronically, and may be express or implied. We will ensure that the form of consent that we use is appropriate in the circumstances, and will take into account, how sensitive the personal information is, the circumstances in which the information is being collected, and the reasonable expectations of the person from whom it is being collected in determining which form of consent to use. We will always obtain express consent when we are collecting, using, or disclosing sensitive personal information.
We collect, use and disclose different types of personal information in respect of Individuals. We only collect, use, and disclose personal information in accordance with Applicable Privacy Laws.
An Individual may choose not to provide us with some or all of their personal information. This may, however, severely restrict the products that MCAN can then provide. An Individual may withdraw their consent to our use of their personal information at any time upon providing reasonable notice, as long as all of the following conditions are met:
1) the Individual provides MCAN notice in writing by either of the following methods:
mail:
Privacy Officer
MCAN Mortgage Corporation
200 King Street West, Suite 600
Toronto, ON M5H 3T4
email:
privacy@mcanmortgage.com
and
2) withdrawing consent i) does not result in our or the Individual’s ability to fulfill the contractual obligations already in place with us; or ii) the Individual’s consent does not relate to a credit product we have granted to the Individual, where we are required pursuant to a legal obligation to collect and exchange some or all personal information on an ongoing basis, with credit insurers, other investors/lenders, or a credit bureau, or to maintain the integrity of the credit- granting system and the completeness of information held by credit bureau.
Otherwise, if you signed up to join our mailing list on the Site, you may opt out at any time by clicking the unsubscribe link in the body of the email or by contacting us at details in the below section “Contact – Questions or Concerns”. Please allow up to 10 business days for your request to be processed. Note that regardless of your opt-in preferences, we may still send you emails for administrative reasons, including transactional emails about any services or products you have requested or received from us.
When an Individual indicates that they wish to withdraw their consent to our use of their personal information, we will explain the implications of this withdrawal to them.
We may collect personal information for the following purposes:
• to provide you with our products and services;
• to verify the identity of an Individual, and to protect the Individual and MCAN from error, fraud or other misrepresentations;
• to support and maintain the accuracy and integrity of the credit reporting system, which includes Individual’s past credit and repayment history as well as other financial transactions;
• with respect to SINs, when required under the Income Tax Act for an Individual’s income tax reporting, or to verify credit bureau information against one or more MCAN products owned by the same Individual;
• to comply with a variety of legal requirements, such as provincial and federal tax reporting, anti-money laundering and unclaimed property obligations;
• to determine an Individual’s initial and ongoing eligibility for financial products;
• to allow account administration by the Independent Mortgage Brokers;
• to investigate specific transactions or patterns of transactions for the purpose of detecting unauthorized or illegal activities;
• to ensure that an Individual’s instructions can be properly verified;
• to investigate an Individual’s complaints;
• to implement risk management programs;
• to provide specific services associated with an account;
• to understand the current and future needs of our clients, for example, to conduct client surveys and other forms of market research and analysis;
• to determine suitability of new and prospective employees as part of the employment application process, including ongoing screening (backcheck) requirements;
• as otherwise required or permitted by applicable laws
We will only collect, use, and disclose as much personal information as we require to fulfill the purposes for which the personal information is being collected, unless we are required or permitted by law to collect additional information.
In circumstances where MCAN is required by law to collect SINs, for example in respect of term deposit accounts, we will require Individuals to provide their SINs. In certain circumstances, for example to assist us to verify Individual’s credit related information, provision of SINs is optional, though in some circumstances alternative information may be required to verify identity or may otherwise be required in order to provide a particular product or service.
In addition, we may collect personal information in connection with our mortgage financing or other financial services through the use of a mortgage commitment letter or a credit application during the credit application and review process.
We will notify the individual from whom we are collecting information of the purpose or purposes for which we are collecting the information at or before the time that we collect the personal information so that they may choose whether to provide us with their personal information for those purposes. We may provide this notice either orally or in writing.
If an Individual refuses to provide us with certain personal information, we will not refuse to provide them with a product or service unless we are unable to provide it without this information.
If we intend to use the personal information that we have collected for a new purpose that we have not previously disclosed, we will communicate the new purpose prior to using the information for the new purpose, unless we are required or permitted by law to use the information for this new purpose without consent.
Other than as required or permitted by law, Individual’s personal information will not be used for any other purpose without consent.
MCAN may collect personal information directly from the person to whom the personal information relates. MCAN also collects personal information from third parties, such as brokers, or individuals that are opening an account to be operated on behalf of a third party, in accordance with anti-money laundering legislation, and provided that such third parties have obtained consent from the individual to whom the information relates to provide this personal information to us. In most circumstances where the personal information that we collect is collected from a third party, we will obtain permission before we seek out this information unless we are authorized by law to collect this information without an Individual’s consent. If we do not obtain permission, we take reasonable steps to ensure that such third parties have the right to share such personal information with us, in accordance with applicable laws.
From time to time, we may utilize the services of third parties in our business. We may use third party suppliers/service providers to: print statements and correspondence, conduct telemarketing, conduct client satisfaction surveys, collect accounts, process transactions on our behalf and store information files in a secured environment. We select third party suppliers/service providers carefully and ensure through contractual means that they have privacy and security standards that meet MCAN’s requirements and comply with Applicable Privacy Laws. Similarly, payment transactions may be processed through payment systems operated by others and we may share personal information with these operators on a confidential basis to process transactions, provide client service, and for other reasonable purposes. These third parties will only be provided with as much personal information as they need to provide services to us. In some cases, these third parties may be located outside of Quebec and/of Canada, such as in the United States, and therefore personal information that has been collected by us may be processed and stored outside of Quebec and/or Canada. In such case, these third parties may therefore be subject to the laws of foreign jurisdictions, in certain circumstances, foreign courts, government authorities, regulators, or law enforcement agencies may be entitled to access this personal information without notice. Individuals will always be notified of this fact and will be made aware that by submitting their personal information to us, they agree to this transfer, storing, or processing outside of Quebec and/or Canada.
In such cases, we have contracts in place, holding these companies to the same high standards of confidentiality by which we are governed and requiring that any information provided by us must be kept strictly confidential and used only for the purposes of the contract.
MCAN has a strict policy of not disclosing personal information about Individuals, subject to the important exceptions discussed below, and in the section “Sharing Personal Information”.
The most common reason for the release of an Individual’s personal information is that the Individual has given consent. We will not release an Individual’s personal information without consent unless we are permitted or required to do so pursuant to applicable laws.
We may also be authorized or required by law to release personal information, such as pursuant to a court order, or we may need to protect our assets, or the public’s interest. For example, we may release personal information about an Individual to legal authorities in cases of criminal activity, or for the detection and prevention of fraud. If we release information for any of the reasons described in this paragraph, we shall keep a record of what, when, why, and to whom such information was released.
We do not keep a record of why an Individual’s personal information is disclosed to third parties for routine purposes, such as reporting to Canada Customs and Revenue Agency (T5, T4 and other reports) and reporting to third parties when cheques are returned NSF for insufficient funds.
MCAN does not sell or rent lists of Individuals or any other personal information to others for their use.
If we wish to disclose an Individual’s personal information for a purpose that has not previously been consented to, we will ask for the Individual’s consent before disclosing their personal information for that purpose, unless we are permitted or required by law to disclose this information without consent.
We may also share Individual’s personal information with certain of our business partners who provide us with products and services in the course of our business with the Individual.
Personal information is only shared with business partners to the extent permitted by law, and to the extent necessary to provide the Individual with the best service pertaining to account due diligence and general account administration. We only share as much personal information with our business partners as they require to fulfill the purposes for which the personal information is being shared. In some cases, these business partners may be located outside of Quebec and/or of Canada, and therefore personal information that has been collected by us may be transferred outside of Quebec and/or of Canada. In such case, these third parties may therefore be subject to the laws of foreign jurisdictions, in certain circumstances, foreign courts, government authorities, regulators, or law enforcement agencies may be entitled to access this personal information without notice.
We require our business partners to protect the personal information that we share with them in a manner that is consistent with this Policy, and any other MCAN policy and/or procedure that relates to the collection, use, and disclosure of personal information that is in effect from time to time, and Applicable Privacy Laws.
We will not collect, use or disclose personal information without consent unless we are authorized or permitted by law to do so. The limited exceptions to the requirement to obtain consent for the collection, use, or disclosures of personal information are set out in Applicable Privacy Laws.
We are committed to maintaining the accuracy of Individual’s personal information for as long as it is being used for the purposes set out in this Policy and we will take reasonable steps to ensure that your personal information is accurate. An Individual can play an active role in keeping us up-to- date, and we will ask Individuals to update us if any of their personal information changes. Prompt notification by the Individual of any changes, for example, to the Individual’s address or direct contact information, will help us provide the Individual with the best possible service. We will update Individuals’ personal information only if it is necessary for us to do so to fulfill the purposes for which the information was collected.
Individuals are always free, upon review of their personal information, to request amendments be made under the terms set out in this Policy, see section “
Contact – Questions or Concerns”. If the request is reasonable, we will make the amendment as soon as we reasonably can in accordance with Applicable Privacy Laws, and will notify any third party to which we have disclosed this information of the amendment.
If we do not agree to make the amendments that an Individual requests, we will notify the Individual of this in writing, and will keep a record of the requested amendments. The Individual may challenge our decision in accordance with Applicable Privacy Laws. We will make a record of this challenge, which will be kept on file.
We use appropriate safeguards to secure and protect personal information that is in our custody and/or control. We use physical, technical, and procedural safeguards that are appropriate to the sensitivity of the personal information in question. We ensure that we have comprehensive security controls and other safeguards to protect against unauthorized use, alteration, duplication, destruction, disclosure, loss or theft of, or unauthorized access to Individuals’ personal information.
We also implemented a comprehensive set of policies and practices to protect your personal information. These measures take into account the volume, sensitivity, intended use, and format of the information, and generally include the following a privacy framework governing the protection of personal information throughout its lifecycle. This framework defines, among other things, the roles and responsibilities of MCAN’s personnel, provides a process for handling privacy complaints. MCAN also has procedures in place when destroying, deleting, or disposing of personal information when it is no longer required for the purposes as set out in this Policy, or by law, to ensure that personal information is securely disposed of and to prevent unauthorized access to such personal information.
MCAN has other internal policies and procedures that define the roles and responsibilities of MCAN’s personnel throughout the information life cycle and limit their access to such information on a “need-to-know” basis; a designated Privacy Officer to monitor compliance with Applicable Privacy Laws; and employee privacy and data security training.
MCAN also ensures the physical, organizational and electronic security of Individual’s personal information through the use of secure locks on filing cabinets and doors, and restricted access to our information processing and storage areas. MCAN limits access to relevant information to authorized employees and business partners only, and through the use of pass keys and computer passwords and provides ongoing security management, including through, hard drive encryption, firewall management and continuous monitoring of systems.
We may provide links to third-party interfaces or websites on our Site that are not operated by MCAN.
We may also enable access to, or display of, third-party content, that is served or published by the third party; that third party may be collecting personal information from you in connection with that content. These third parties may collect and retain any information used or provided in connection with these interactions and these third parties’ practices are not subject to our Policy. When submitting information through a third-party website, you are subject to that third party terms of use and privacy policy. This Policy does not apply to those websites, which may have their own privacy policies or notices. You should review those privacy policies to understand how these parties may use or disclose your personal information. We are not responsible for the content or privacy practices of any linked websites that we do not control.
Our Site is not directed at minors under the age of 18. We do not knowingly request or collect online or off-line personal information from any person under 18 years of age without parental consent or parental notification. If we learn that we have received information directly from a minor who is under the age of 18, we will delete the information in accordance with applicable law.
MCAN only keeps Individuals’ personal information for as long as it is necessary to meet the purposes for which it was collected, unless we are required pursuant to applicable laws to retain this information for a different period of time. The length of time we retain personal information is affected by: (1) the type of product the Individual has from us, and (2) any legal requirements we may have to meet such as regulatory file retention periods or for being able to respond to any concerns the Individual may have even if the Individual is no longer a client or employee of ours, in accordance with applicable laws.
Individuals will have a right to access, as permitted by applicable law, their personal information that is in our custody or control, and information provided will be clear and in a format that is easy to understand. Individuals will also be able to request that corrections and/or updates be made to their personal information. To access and/or rectify your personal information, see section “Contact – Questions or Concerns” below.
A Cookie is a small text file that is placed on the browser or device you are using. Cookies allow us to tailor the Site to better match your interests and preferences. With most Internet browsers, you can erase Cookies from your computer hard drive, block the creation of Cookies, or receive a warning before a Cookie is stored, although doing so may affect your use of the Site and your ability to access certain features of the Site.
Our Site may use Web beacon, gif, or other technologies. When you access certain of our web pages, a non-identifiable notice of that visit is generated. These technologies usually work in conjunction with Cookies. If you don’t want your Cookie information to be associated with your visits to these pages, you can set your browser to turn off Cookies. If you turn off Cookies, Web beacon and other tracking technologies will still detect visits to these pages, but the notices they generate cannot be associated with other non-identifiable Cookie information and are disregarded.
We may use third-party advertising companies to serve ads when you visit our Site. These companies may use non-personally identifiable information about your visits to this and other websites to provide advertisements about good and services of interest to you on this Site or other websites. You can learn more about targeted advertising, its benefits and how you can opt-out of targeted advertising through the Digital Advertising Alliance of Canada’s website at http://youradchoices.ca/choices/. The website allows you to:
• Find out which companies have currently enabled customized ads for your browser.
• View a list of all companies and learn more about their advertising and privacy practices.
• Opt-out of online interest-based advertising by any of the participating companies listed on the tool.
You may also be able to manage your consent preferences on our Site Cookie banner to accept or reject our use of various categories of cookies, which are not strictly necessary, by clicking on “Let Me Choose” in the Cookie banner of our Site.
We collect certain personal information which is recorded by the standard operation of our internet servers on an anonymous basis, such as your IP address, the operating system you are using, the sections of the Site you visit, and the Site pages read and images viewed. This information is used on an aggregate basis and in a non directly personally identifiable form, including: (i) for Site and system administration purposes, (ii) to improve the Site, (iii) to conduct internal reviews of the number of visitors to the Site (iv) to help us better understand visitors’ use of our Site; (v) to respond to specific requests from our visitors; and (vi) to protect the security or integrity of our Site when necessary. We do not use your IP address to identify you.
We reserve the right to make changes to this Policy. These changes will take effect immediately upon posting. If we make any significant changes to the Policy, we will post a notice on our Site and seek your consent when required by Applicable Privacy Laws. For your convenience, the last updated date of the current Policy will be posted at the top of this page. By continuing to use the Site following such changes, you will be deemed to have agreed to such changes. If you do not agree to the changes in our Policy, it is your responsibility to stop using our Site. It is your obligation to ensure that you read, understand and agree to the latest version of the Policy.
MCAN is accountable for all personal information that is in our custody or control, and we have designated a Privacy Officer that is ultimately responsible for the handling of this information, and for ensuring that we are complying with this Policy. The contact information for the Privacy Officer is set out below.
If an Individual has privacy questions, concerns or complaints, we want them to be answered satisfactorily or resolved as quickly as possible and ask that the Individual follow, in order, the following steps.
First:
The Individual should direct his or her complaints and/or questions in writing to MCAN’s Privacy Officer.
By mail:
Privacy Officer
MCAN Financial Group
200 King Street West, Suite 600
Toronto, ON M5H 3T4
Or by email:
privacy@mcanfinancial.com
Second:
For product and service related questions, concerns or complaints, the Individual may also call our Customer Service Centre and speak to a representative. If the Customer Service Representative is unable to resolve the matter to their satisfaction, the Individual should advise them that they wish the matter to be reviewed by the department manager who will contact them to resolve the issue. The Individual can reach MCAN Customer Service by calling:
telephone (toll free):
1-855-213-6226
Any unprotected e-mail communication over the Internet is, as with communication via any other medium (e.g., cellular phones, post office mail), subject to possible interception or loss, and is also subject to possible alteration. If you do communicate with us by means of e-mail, we will assume, unless you advise us otherwise, that you consent to our using the information you have sent to us, including your e-mail address, for the purpose of developing and sending an appropriate response to your communication, and disclosing it to such other advisory parties as we deem appropriate for that purpose.
