Exchange Bank of Canada (“EBC” or the “Bank”) shall collect, use, and disclose Personal Information in compliance with its Privacy Principles which have been developed in accordance with the requirements set out in the Personal Information Protection and Electronic Documents Act (Canada) (“PIPEDA”).

EBC’s Statement of Privacy Principles and Practices (the “Policy”) informs you of the ways we help protect your privacy and the confidentiality of your Information. EBC is committed to protecting the privacy and security of personal information in its possession or custody. We may amend this Policy from time to time. We will post the revised Policy on our website.

In this Policy, the words “you” and “your” mean any person, or that person’s authorized representative, who has requested from us any product or service offered by us in Canada or who is employed by us. The words “EBC”, “Bank”, “we”, “us” and “our” mean Exchange Bank of Canada. “Personal Information” or “Information” means personal, financial and other details about you that you provide to us or we obtain from others outside EBC, including name, address, age, income, date of birth, gender, financial information and credit records but does not include the name, title or business address or telephone number of an employee of an organization.

Our Privacy Principles and Practices
EBC abides by the following ten Privacy Principles adopted by the Bank. These principles are based on PIPEDA and apply to the Personal Information of the Bank’s clients which it collects. The Bank has established rules to govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of the Bank to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances.

1. Accountability:

We are responsible for Personal Information under our control and the control of our third-party contractors. We have designated individuals who are responsible for monitoring ongoing compliance with our Policy.

2. Identifying purposes and Use of Personal Information:

We will identify the purposes for which Personal Information is collected by us, or on behalf of us, or through our client’s authorized representatives.

We will not use any Personal Information except for the purposes of carrying on EBC’s business. We may use Personal Information for the following business purposes:

  • Verify identity of clients and representatives;
  • Communicate with clients’ representatives respecting products and services and employment, as applicable;
  • Provide client with the product and services requested;
  • Better understand clients’ product and services needs and to offer relevant information, products, and services to meet those needs, including sending communications by way of postal mail, e-mail, facsimile, telephone, text message or other type of electronic message;
  • Conduct surveys and analysis for research, statistical and product development purposes (information will be de-identified to the extent possible);
  • Perform tests to implement or modify systems;
  • Establish, manage or terminate an employment relationship;
  • Manage, model and assess risk;
  • Comply with applicable legal and regulatory requirements; and
  • Achieve other purposes as may, from time to time, be permitted or required by law.

If your information is being collected by telephone, the call may be recorded or monitored for the following reasons:

  • to establish a record of the Information you provide;
  • to take or verify instructions from you;
  • to maintain quality service levels; and
  • to assist in staff training.

Bank may transfer Personal Information to entities outside the Bank, such as vendors, suppliers and agents, who assist the Bank in its provision of products and services (“Service Provider”). When Personal Information is transferred to a Service Provider, the Bank will require the Service Provider to protect the Information in a manner that is consistent with this Policy. The Bank’s Service Providers may be located outside of Canada and Personal Information may be accessible to law enforcement and national security authorities of that jurisdiction.

3. Consent:

Consent is required for the collection, use and disclosure of Personal Information, subject to certain exceptions. Such exceptions are set out in the law and include where legal, medical or security reasons make it impossible or impractical to seek consent. Consent may be expressed in writing. It may also be given verbally, electronically or through us or our client’s authorized representatives. In certain circumstances, it may also be implied.

You may withhold or withdraw your consent for us to collect, use and disclose your Personal Information, as long as there are no legal or contractual reasons preventing you from doing so. Depending on the circumstances, however, withdrawal of your consent may impact our ability to continue to provide you with the products and services you have requested.

4. Limiting collection:

The collection of Personal Information must be by fair and lawful means and be limited to that which is necessary for the purposes identified.

5. Limiting use, disclosure and retention:

We will only use or disclose Personal Information for the purposes for which it was collected, other purposes consented to, or as required or permitted by law. We will only keep your Information for as long as is necessary to satisfy the purposes for which it was collected or as required or permitted by law. The Bank does not sell or rent personal information.

6. Accuracy:

Any personal Information that is collected, used or disclosed should be as accurate, complete and as up-to-date as is necessary for the purpose for which it is to be used.

We will make all reasonable efforts to help ensure that any Personal Information we collect and keep is as accurate, complete and as up-to-date as required for the identified purposes. To do so, we will rely to a large extent on you to provide us with accurate Information and to inform us of changes, such as changes in your contact Information.

7. Safeguards:

We will take all reasonable steps to protect your Personal Information through security safeguards that are appropriate to the sensitivity of the Information, in order to protect the Personal Information from unwarranted intrusion, release or misuse, including implementing appropriate physical, organizational and technological measures.

8. Openness:

Information about the Bank’s Privacy Policies and practices for managing Personal Information shall be made available to clients.

9. Individual access:

Upon written request, a client will be informed of the existence, use and disclosure of their Personal Information and will be given access to it, subject to certain exceptions, as permitted by law. A client may also verify the accuracy and completeness of their Personal Information and request that it be amended, if appropriate.

10. Inquiries and concerns:

A client may contact the Bank with any inquiries or concerns about the Bank’s privacy policies and practices.

Have a question or like to share your thoughts?


Protecting Security of Personal Information
The Bank shall take all reasonable steps to protect Personal Information from loss, theft and unauthorized access.

Destruction of Personal Information
We will retain Personal Information only for as long as necessary to satisfy the purpose for which it was collected. We will destroy, delete or render anonymous Personal Information no longer required for an identified purpose or a legal requirement.

Accuracy and Accessing Personal Information
If a client wishes to verify the accuracy of the Personal Information the Bank has on file, the client may submit a written request to the Bank at the address noted below. Clients are required to provide sufficient detail to enable us to ascertain the identity of the client and the specific Information that is being requested. Access may be restricted as permitted or required by law. Examples may include Information that is subject to legal privilege, Information containing confidential commercial Information, and Information relating to a third party. As applicable, we will advise the client of the reasons for restricting certain access subject to any legal or regulatory limitations.

Contact or Questions Respecting Personal Information Protection
Clients shall contact their relationship manager for:

  • questions concerning their Personal Information, our Privacy Policy or practices
  • more Information about how to access their Personal Information; and
  • withdrawing consent

You may also contact:

Chief Privacy Officer
The Chief Privacy Officer is the main point of contact for privacy issues or breaches. The Chief Privacy Officer may be contacted as followed:

Exchange Bank of Canada
390 Bay Street, Suite 700
Toronto, Ont. M5H 2Y2
Attention: Chief Privacy Officer
[email protected]

Office of the Privacy Commissioner of Canada
Individuals can raise issues and/or file complaints regarding the Bank’s privacy practices with the OPCC as follows: