Exchange Bank of Canada (“EBC” or the “Bank”) shall collect, use, store and otherwise handle Personal Information in compliance with its Privacy Principles which have been developed in accordance with the requirements set out in the Personal Information Protection and Electronic Documents Act (Canada) (“PIPEDA”).
EBC’s Statement of Privacy Principles and Practices (the “Policy”) informs you of the ways we help protect your privacy and the confidentiality of your Information. We may amend this Policy from time to time. We will post the revised Policy on our website.
In this Policy, the words “you” and “your” mean any person, or that person’s authorized representative, who has requested from us any product or service offered by us in Canada or who is employed by us. The words “EBC”, “Bank”, “we”, “us” and “our” mean Exchange Bank of Canada. The word “Information” or “Personal Information” means personal, financial and other details about you that you provide to us or we obtain from others outside EBC.
Our Privacy Principles and Practices
EBC abides by the following ten Privacy Principles adopted by the Bank. These principles are based on PIPEDA and apply to the Personal Information of the Bank’s customers and employees which the Bank collects.
We are responsible for Personal Information under our control and the control of our third party contractors. We have designated individuals who are responsible for monitoring ongoing compliance with our Policy.
2. Identifying purposes and Use of Personal Information:
We will identify the purposes for which Personal Information is collected by us, or on behalf of us, or through our customer’s or employee’s authorized representatives.
We will not use any Personal Information except for the purposes of carrying on EBC’s business. We may use Personal Information for the following business purposes:
If your Information is being collected by telephone, the call may be recorded or monitored for the following reasons:
Consent is required for the collection, use and disclosure of Personal Information, subject to certain exceptions. Such exceptions are set out in the law and include where legal, medical or security reasons make it impossible or impractical to seek consent. Consent may be expressed in writing. It may also be given verbally, electronically or through us or our customer’s or employee’s authorized representatives. In certain circumstances, it may also be implied.
You may withhold or withdraw your consent for us to collect, use and disclose your Personal Information, as long as there are no legal or contractual reasons preventing you from doing so. Depending on the circumstances, however, withdrawal of your consent may impact our ability to continue to provide you with the products and services you have requested.
4. Limiting collection:
The collection of Personal Information must be by fair and lawful means and be limited to that which is necessary for the purposes identified.
5. Limiting use, disclosure and retention:
We will only use or disclose Personal Information for the purposes for which it was collected, other purposes consented to, or as required or permitted by law. We will only keep your Information for as long as is necessary to satisfy the purposes for which it was collected or as required or permitted by law.
Any personal Information that is collected, used or disclosed should be as accurate, complete and as up-to-date as is necessary for the purpose for which it is to be used.
We will make all reasonable efforts to help ensure that any Personal Information we collect and keep is as accurate, complete and as up-to-date as required for the identified purposes. To do so, we will rely to a large extent on you to provide us with accurate Information and to inform us of changes, such as changes in your contact Information.
We will protect your Personal Information through security safeguards that are appropriate to the sensitivity of the Information, in order to protect the Personal Information from unwarranted intrusion, release or misuse.
Information about the Bank’s Privacy Policies and practices for managing Personal Information shall be made available to customers and employees.
9. Individual access:
Upon written request, a customer or employee will be informed of the existence, use and disclosure of their Personal Information and will be given access to it, subject to certain exceptions, as permitted by law. A customer or employee may also verify the accuracy and completeness of their Personal Information and request that it be amended, if appropriate.
10. Inquiries and concerns:
A customer or employee may contact the Bank with any inquiries or concerns about the Bank’s privacy policies and practices.
Protecting Security of Personal Information
The Bank shall take all reasonable steps to protect Personal Information from loss, theft and unauthorized access.
Except as required by applicable law, we shall not disclose, provide access to, or otherwise make available Personal Information to any person. We will disclose only such Information as is required, in the opinion of its counsel, and will use commercially reasonable efforts to obtain confidential treatment for Personal Information that is so disclosed.
Safeguarding Personal Information
We will safeguard Personal Information by ensuring it is stored in a secure manner and kept physically independent from all other databases, information and records (as appropriate). Physically independent may mean a separate server or a logical partition within the same server.
Destruction of Personal Information
We will retain Personal Information only for as long as necessary to satisfy the purpose for which it was collected. We will destroy, delete or render anonymous Personal Information no longer required for an identified purpose or a legal requirement.
Accuracy and Accessing Personal Information
If a client or employee wishes to verify the accuracy of the Personal Information the Bank has on file, the client or employee may submit a written request to the Bank at the address noted below. Clients and employees are required to provide sufficient detail to enable us to ascertain the identity of the client or employee and the specific Information that is being requested. Access may be restricted as permitted or required by law. Examples may include Information that is subject to legal privilege, Information containing confidential commercial Information, and Information relating to a third party. As applicable, we will advise the client or employee of the reasons for restricting certain access subject to any legal or regulatory limitations.
Contact or Questions Respecting Personal Information Protection
Customers shall contact their relationship manager and employees should contact their supervisor for:
You may also contact:
Chief Privacy Officer
The Chief Privacy Officer is the main point of contact for privacy issues or breaches. The Chief Privacy Officer may be contacted as followed:
Exchange Bank of Canada
390 Bay Street, Suite 700
Toronto, Ont. M5H 2Y2
Attention: Chief Privacy Officer
Office of the Privacy Commissioner of Canada
Material privacy breach incidents can be reported to the OPC as followed: