Privacy
Interac.ca Privacy Policy
Introduction
At Interac Corp. (“Interac”, “we” or “us”) we respect your personal information and are committed to ensuring the proper use, protection and security of all personal information placed in our care.
This Privacy Notice explains our personal information collection, use and disclosure policies and practices in order to help you understand how we handle personal information you provide to us when you visit our websites (“Sites”), communicate with us by email or phone, and participate in our products and services. More detailed Privacy Notices for Interac verification service, Interac document verification service, and Interac sign-in service can be found here: Interac Verified – Legal. This Privacy Notice does not apply to and we are not responsible for any third-party websites, products, or services that may be accessible through links from our Sites. We urge you to review the privacy practices of those third-party site owners carefully before you submit any personal information.
For additional information on the roles and responsibilities of Interac personnel throughout the lifecycle of personal information at Interac, please review our Roles and Responsibilities notice.
Policy Notice Overview
To learn more about this Privacy Notice, please click through the following sections.
- What types of personal information we collect and why
- How we use your personal information
- Why we share your personal information
- How long we keep your personal information
- How we protect your personal information
- Your rights and choices over your personal information
- When we transfer your personal information
- Updates to this Privacy Notice
- How to contact us
1. What types of personal information we collect and why
We may collect and use different types of personal information related to you in the course of operating our Sites and providing our products and services. We do not sell personal information to anyone and only share it with third parties for the purposes set out in this Privacy Notice.
a. When you visit our Sites
When you visit our Sites we automatically store certain information, which may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, the browser and operating system you use, the date and time of your visit, the access status (e.g. your ability to access a website or receipt of an error message), website usage information (including the amount of data transferred, history of website pages you view) and sites you visit to access our Sites and those you will visit from our Sites. We may store your IP address for security reasons, in particular to help diagnose problems with our server, administer our website, analyze trends, prevent and detect attacks on our website or attempts at fraud. We also track visitor movements and gather broad demographic information to help us identify visitor preferences. We render all of this information anonymous (unless we are required or permitted to keep information in its original form by applicable law) and retain it in aggregate form to measure interest in Interac reports and usage of our Sites, including but not limited to the total number of visits, average time spent on our Sites, and pages viewed, both in real-time, and within a certain historical time frame. We use this aggregated information to improve the utility, security, content, and user experience of our Sites. More information about how information is collected from websites related to our Interac verification service, Interac document verification service, and Interac sign-in service, can be found here: Interac Verified – Legal. Interac has a legitimate interest in understanding how our Sites are used. This understanding is derived from analytics including fraud and marketing analytics and helps us to provide additional products, services and content that are relevant to our users.
Cookies
When you visit our Sites we may collect certain non-identifiable information via cookies, web beacons, and other similar tracking technologies to help us enhance your Site user experience. The types of information we may obtain include:
- Anonymized data relating to: (i) on-site behaviour; (ii) performance metrics; and (iii) targeted advertising; and,
- Anonymized clickstream data and other information about your online activities (such as information about your devices, browsing actions and usage patterns), including across third-party websites, that we obtain through the use of cookies and similar technologies.
Information on the cookies we use, and their functions can be found in our Cookie Notice.
Analytics
We may use Google Analytics, specifically the Demographics and Interest Reporting component of Google Analytics as well as the DoubleClick Campaign Manager, together known as Google Analytics for Display Advertisers. These features are used to derive non-personally identifiable information to track and report our Sites traffic. For more information about Google Analytics, its privacy and terms, including how to opt out from having your information collected through Google Analytics please visit https://policies.google.com/technologies/partner-sites?hl=en-US.
b. Collection of personal information in connection with Interac products and performance of Interac services
To facilitate your use of Interac products and services, to protect you and other users of our products, services and Sites from fraud and other wrongful or illegal activity, to provide Interac services and to conduct our business, including to carry out our obligations arising out of any agreements entered into between you and us, between your financial institution and us, and between us and third parties, we may collect the following personal information.
- For Interac e-Transfer transactions, we collect information including sender name, email address, phone number (if provided) and bank account number, along with recipient name, email address or phone number (or both), and bank account information. In addition, we collect nick names and IP addresses of both sender and recipient, the payment amount, expiry date of the Interac e-Transfer transaction, name of the originating financial institution, current payment status, status history of the payment, unique device ID numbers and all messages associated with the transfer.
- For Interac e-Transfer Bulk Payables, in addition to the information we collect for Interac e-Transfer transactions, we collect information including the security question and answer associated with the transfer.
- For Interac Debit Chip and Pin and Interac Debit contactless transactions (formerly known as Interac Flash), we collect information including the transaction payment amount, name of the originating financial institution, current payment status and your debit card primary account number (PAN).
- For Interac transactions, in addition to the information we collect for Interac Debit, we collect the following information:
- For each Interac Debit through digital wallets provision, we collect the home country of the card, originating financial institution and cardholder billing address (if available); and
- We also collect device related information including device identifier, model, operating system, IP address, language, location, device manufacturer, network operator, device serial number (last two digits), time zone, type, masked email address and user account ID hash (unique ID representing Apple ID / Google ID of the user).
- For Interac verification service, Interac document verification service, and Interac sign-in service a description of the information we collect can be found here: Verification services – Legal
- For Software Based Pin on Cots for Mobile point of sale transactions, in addition to the information we collect for Interac Debit, we collect information, including transaction payment amount, name of the originating financial institution, current payment status and your debit card PAN, as well as the geolocation of the transaction (i.e. the IP address of the merchant) and the unique identifier of the merchant’s Commercial Off the Shelf Device (i.e. phone, tablet).
c. When you contact us or request that we contact you
Through our contact channels you can contact us or ask us to contact you regarding questions, troubleshooting, comments, or complaints. When you do this, we collect the information that you communicate to us by filling out the applicable form, speaking with us in person, by calling or emailing us. Information we collect may include your contact details (such as your first name, last name, address and/or business information), the reason you are contacting us, your transaction reference number, your device type, your transaction amount, verification that you are not a robot and other information you provide to us. We will collect your contact information and any other information we need in order to further assist you and communicate with you. Sensitive information should not be included within such inquiries.
d. For our newsletter, events and marketing purposes
You can choose to sign up for our newsletter on our and to receive invitations to events. If you do so, you may authorize us to use your email for the purpose of contacting you to periodically send you email messages describing updates, new features, or promotional offers related to our Sites, products, services or events. You can choose to stop receiving these emails at any time. To do so simply follow the instructions included in your email, or send a reply stating your request to unsubscribe. If you do not explicitly choose to receive emails for marketing purposes, the only email messages you will receive from us will be to respond to email inquiries that you send us.
e. When you sign up/register for our Sites
You may also choose to register for our Developer Centre or participate in the Interac Hackathon or request help, support or information for merchants. If you do so, you may be asked to provide optional information such as the name of the business you work for and/or the industry you work in. We may collect your personal information in order to provide you access to the Developer Centre, operate the user forum, and facilitate management of Developer Centre users’ accounts. When you request merchant point of sale merchandise, we may also collect your personal information to fulfil your request. We render all of this information anonymous and retain it in aggregate form to measure interest in the Developer Centre Hub, usage of the Sites, including but not limited to the total number of visits, average time spent on the sites, and pages viewed, both in real-time, and within a certain historical time frame. We use this aggregated information to improve the utility, security, content and user experience of our Sites.
f. When you apply for a job with us
If you apply for a job at Interac on our career website, we may collect certain personal information from your job applications, including your contact information (including name, postal address, email address and phone number), resume, your citizenship/employment eligibility, desired salary, results of your behavioral or cognitive abilities testing and any other personal information you choose to submit along with your application.
2. How we use your personal information
We will only use your personal information when we have a legitimate basis, including to:
- Administer and perform our services, products and conduct our business;
- Evaluate employment candidates and respond to applicant correspondence;
- Carry out our obligations that may arise from any agreements we have entered into with you or your financial institution or other third parties;
- Operate and facilitate the use of our Sites (including responding to requests received) and to confirm Site content is useful and relevant;
- Manage our business needs, such as monitoring, analyzing, testing and improving our products and services, the Sites’ performance and functionality and the performance and functionality of our infrastructure;
- Contact and correspond with you, and respond to your inquiries and, when necessary, investigate complaints;
- Determine whether to grant access to certain special features of our Sites;
- Comply with legal and regulatory requirements;
- Prevent and detect fraud, unauthorized transactions, other wrongful or illegal activities, claims and other liabilities; and
- Manage risk exposure with respect to the integrity and security of our products, services and Sites.
We may also use information you provide in anonymized and aggregated form for the following legitimate purposes:
- Assemble statistical reporting for our participating financial institutions and governmental authorities;
- Conduct market research respecting our products and services; and
- Compile statistical analysis of the behaviour of users or groups of users.
3. Why we share your personal information
We consider your personal information strictly confidential and we do not sell or rent it to others. We will not share any of your personal information with third parties, except in the limited circumstances described herein or with your express permission. Any third parties to whom we disclose any of your personal information are limited by law or by contract from using that information for any purpose beyond the purposes for which the information is collected. We may disclose your personal information in the following circumstances.
a. Interac service providers
We need the help of our service providers to be able to offer you our Sites, products, and services. We share your personal information with our service providers who perform services for the purposes described in this Privacy Notice. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions and require these service providers by contract to only process personal information in accordance with our instructions and in compliance with applicable laws. We also require them to safeguard the security and confidentiality of the personal information on our behalf by implementing appropriate technical and organizational security measures and confidentiality obligations binding their employees and contractors.
b. Financial Institutions
We offer payment products and services in association with participating financial institutions. Agents and customer service representatives at your financial institution have access to certain stored information we have. The personal information we share with your financial institution allows them to respond to your inquiries, trace payments, view a customer’s transaction history and access payment details. Additional information regarding our information sharing practices with financial institutions in relation to our Interac verification service, Interac document verification service, and Interac sign-in service, can be found here: Verification services – Legal.
c. Fraud Investigations
We disclose information that we, in good faith, believe is appropriate in investigations of fraud or other wrongful or illegal activity or to conduct investigations of violations of the terms and conditions for using our products and services. At our sole discretion we may report suspicious activity relating to fraud or other wrongful or illegal activities, (in cooperation with your financial institution) to the appropriate legal authorities, to our participating financial institutions and other third parties. For example, we may report suspicious activities where we believe those activities could result in physical harm or financial loss to any person. We may also report activities that we view as a pattern of fraudulent, wrongful or illegal behaviour. We also exchange certain information with these financial institutions to allow each of us to establish whether any particular transaction, or series of transactions, needs to be reported as required by applicable law.
d. Business transfers
We may be involved in the sale, transfer or reorganization of some or all of our business at some time in the future. As part of that sale, transfer or reorganization, we may disclose your personal information to the acquiring organization, but will take all reasonable measures to ensure that the acquiring organization agrees to protect your personal information in a manner that is consistent with this Privacy Notice.
e. Required by law
We may disclose your personal information to a government institution that has asserted its lawful authority to obtain the information or where we have reasonable grounds to believe the information could be useful in the investigation of unlawful activity or to legal authorities, government officials or third parties where necessary to comply with a subpoena or warrant or an order made by a court, person or any other body with jurisdiction to compel the provision of information. We may also disclose your personal information in order to comply with court rules and regulations regarding the provision of records and information or as otherwise permitted or required by law.
f. Third party websites
Our Sites may include links to other third-party websites and social media tools, including cookies, that permit sharing web content including IP address, with third parties and social media providers. For example, you may share an article from the Interac In The Know via Facebook, LinkedIn, or Twitter. These websites may learn of your visit and treat the collection, use and disclosure of personal information differently than we do. For any linked websites or features you visit or use that are not owned or controlled by Interac, please review their own privacy notices or policies before disclosing your personal information. We are not responsible for the collection, use and disclosure practices of companies or organizations to which our sites may provide links.
4. How long we keep your personal information
Your personal information is retained for as long as reasonably necessary to fulfill the relevant purposes set out in this Privacy Notice and in order to comply with Interac’s legal or regulatory obligations. When determining the retention period, we consider factors including the type of products and services, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact if we delete some information about you, mandatory retention periods, and the statutory limitations. We will maintain your transaction history and information provided to us by third parties. As always, once archived, your personal information is kept secure.
Information we collect from visitors to our Sites is retained only in aggregate form for the purposes outlined in this Privacy Notice.
Once we have responded to any specific inquiries we receive from individuals, we destroy, erase or render anonymous personal information no longer required for the purpose(s) for which it was collected, subject to any legal or business requirement to retain it.
5. How we protect your personal information
We are committed to securing your personal information and have taken precautions to protect such information against unauthorized access, disclosure, inappropriate alteration, and misuse. We maintain appropriate physical, technical and administrative safeguards to help protect your personal information. We update and test our security technology, standards and processes on an ongoing basis.
Transmission methods used to transfer information over the Internet, or methods of electronic storage, are not 100% secure. We cannot ensure or warrant the security of any information you transmit or provide to us, and you do so at your own risk. We cannot guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative safeguards.
You play a valuable part in security. After you have finished visiting our Sites, you should log out and exit your browser to prevent unauthorized users from returning to your online session. If you are accessing our mobile Sites, you should ensure that your device’s privacy settings are set in accordance with your privacy preferences. If you believe your personal information has been compromised or that someone has improperly used or provided information to Interac about you that you did not authorize, please contact us as set out in this Privacy Notice.
6. Your rights and choices over your personal information
Under certain circumstances and in accordance with applicable privacy laws, you are entitled to certain rights over your own personal information, as listed below.
- Right of access – You have the right to be informed of the existence, use and disclosure of your personal information by us, and have access to that information (including a listing of the third-party organisations with whom the information has been shared).
- Right to rectification of errors – When you demonstrate the inaccuracy or incompleteness of your personal information held by us, we must correct the inaccuracies and/or add a notation to the information, as appropriate.
- Right to challenge accuracy – You have the right to challenge the accuracy, completeness and currency of your personal information in our possession.
- Right to limit use of personal information – As a condition of providing you access to an Interac product or service we cannot require that you allow us to process your personal information beyond that which is required to fulfil the explicitly specified and legitimate purpose.
- Right to withdraw consent – You are able to withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. We must inform you of the implications of such withdrawal.
- Right to object to marketing – You must consent to our collection, use or disclosure of your personal information for marketing purposes.
- Right to complain to the relevant data protection authority(ies) – You have the right to be able to address data protection issues with our Privacy Office and you also have the right to make a complaint to the relevant data protection authority.
There are some exceptions to these rights. Some information may not be accessed or deleted in certain circumstances, for example, if it contains personal information of other persons or if we are required by law to keep it.
If you wish to exercise your rights described above or require further information regarding circumstances that may limit the rights you can exercise, please contact us as set out in this Privacy Notice.
7. When we transfer your personal information
Some of the information you provide to us may be shared in encrypted form with our service providers that are located outside of Canada, over communication systems in order to facilitate the routing of such information in the course of providing Interac services. For such service providers, we will require them by contract to only process personal information in accordance with our instructions and in compliance with applicable laws. We also require that service providers safeguard the security and confidentiality of the personal information that they process on our behalf by implementing appropriate technical and organizational security measures and confidentiality obligations binding their employees and contractors.
8. Updates to this Privacy Notice
Interac may review this Privacy Notice periodically to reflect changes in privacy regulations and in our practices. We will post a prominent notice of any relevant and material changes to this Privacy Notice when they occur and indicate when this Privacy Notice was most recently updated.
At Interac, the person in charge of the protection of personal information is Rebecca Ma, Deputy General Counsel, Chief Privacy and Compliance Officer.
In the event that you:
- Have any questions about this Privacy Notice, our privacy policies or practices, or about the handling of your personal information;
- Want to withdraw consent to continued collection, use, disclosure or other processing of your personal information;
- Want to access, update, or correct your personal information; or
- Want to make a complaint respecting Interac’s handling of your personal information or otherwise challenge Interac’s compliance with applicable data protection legislation,
please feel free to contact our Privacy Office by email at privacy@interac.ca, or write to us at:
Privacy Office
Interac Corp.
Royal Bank Plaza, North Tower, P.O. Box 45
200 Bay Street, Suite 2400
Toronto, Ontario M5J 2J1
Canada
Copyright © 2022, Interac Corp. All rights reserved.
Except as permitted by law, no part of this document nor any of Interac’s trademarks, logos and service marks may be reproduced or transmitted by any process or means without prior written consent of Interac Corp.
Interac Corp., by publishing this document, does not guarantee that any information contained herein is and will remain accurate. Interac Corp., its agents and employees shall not be held liable to or through any user for any loss or damage whatsoever resulting from reliance on the information contained herein.
Published by Interac Corp., Royal Bank Plaza, North Tower, P.O. Box 45, 200 Bay Street, Suite 2400, Toronto, Ontario M5J 2J1
®,™: Trade-mark of Interac Corp.
Interac e-Transfer Privacy Policy
Introduction
Information We Collect
How to Access Your Information
Interac’s Use of Your Personal Information
Retention of Your Information
Disclosure of Your Personal Information
Contact Us
1.1 Introduction
Interac Corp. (“Interac”) is committed to protecting both the privacy and confidentiality of your personal information. In order to operate the Interac e-Transfer service, in accordance with Federal Law, and to reduce the risk of fraud, Interac asks you to provide us information about yourself and about your bank account. We use this information only in accordance with this policy.
1.2 Information We Collect
To deposit an Interac e-Transfer you first register with Interac.
PERSONAL INFORMATION:
Interac is committed to protecting both the privacy and confidentiality of your personal information. In order to operate the Interac e-Transfer service, in accordance with Federal Law, and to reduce the risk of fraud, Interac asks you to provide us information about yourself and about your bank account. We use this information only in accordance with this policy.
ACCOUNT INFORMATION:
In order to deposit your Interac e-Transfer, Interac asks you to provide the account number, transit number and institution number for the bank account where the funds are to be deposited. This information is used by Interac and Interac agent bank to deliver the funds to your account.
IDENTIFICATION NUMBER:
To further protect against fraud, Interac asks you to provide one piece of identification. At this time, Interac will accept a Canadian social insurance number or a credit card number. If you provide a credit card number, Interac also asks you to provide your billing information. This information is kept in the strictest of confidence and is used solely to verify your personal information. Interac will not bill your credit card. Interac uses your identification number only for verification purposes as described in this section under the heading: Information from Third Parties.
TRANSACTION INFORMATION:
Interac tracks each Interac e-Transfer sent or received through its network. This information includes the payment amount, expiry date of the Interac e-Transfer, name of the originating financial institution, current payment status and status history of the payment. For the Sender, Interac records a name, email address and, if provided, a telephone number. For the Recipient, Interac records a name and either an email address or a telephone number, or both an email address and a telephone number (if both are provided). Interac also records all messages associated with the transfer.
INFORMATION FROM THIRD PARTIES:
To protect all users against potential fraud, we use third parties to verify the information you provide. In the course of this verification, we receive personally identifiable information about you from such services. In particular, if you provide credit card information, we will use authorization and fraud screening services of third parties to verify that your card information and address match the information that you supplied to Interac and confirm that the card has not been reported lost or stolen.
INFORMATION AUTOMATICALLY COLLECTED:
Like many Web Sites, the Interac e-Transfer site automatically collects non-identifiable information regarding Internet visitors, such as the Internet Protocol (IP) address of your Web enabled device, the IP address of your Internet Service Provider, the date and time you access the Interac e-Transfer site, the Internet address of the Web Site from which you linked directly to the Interac e-Transfer site, the operating system your Web enabled device is using, the sections of the Interac e-Transfer site that you visit, the Web Site pages read, and images viewed, and the content you download from the Web Site. Interac uses this non-identifiable information for Internet and system administration purposes, to prevent and investigate fraud and to optimize user experience. Interac may disclose this non-identifiable information to others, including to companies located outside of Canada that have been contracted to perform certain functions relating to fraud prevention or investigation on our behalf and as result of this IP addresses and certain device information may be used, stored or accessed in other countries and may be subject to the laws of those countries, and permanently archive it for future use.
We also use Google Analytics, specifically the Demographics and Interest Reporting component of Google Analytics as well as the DoubleClick Campaign Manager, together known as Google Analytics for Display Advertisers. These features are used to derive non-personally identifiable information relating to user level tracking. As a result of these features, you are subject to Google Analytics’ data collection and privacy policy, which is located at http://www.google.com/policies/privacy/partners/.
Users who do not wish to have information collected through Google Analytics can opt-out by deleting the cookies in their browser, configuring their browser settings to block the use of cookies, or by installing the Google Analytics Opt-Out Browser Add-on available at https://tools.google.com/dlpage/gaoptout/.
COOKIES
The Interac e-Transfer site uses “cookies”, a technology that installs information on an Internet visitor’s Web enabled device to permit Interac to recognize future visits from a user using the same Web enabled device. Cookies enhance the convenience and use of the Interac e-Transfer site. You may choose to decline cookies if your browser permits, but doing so may reduce your ability to use certain features of the Interac e-Transfer site.
1.3 How to Access Your Information
If you wish to update the personal information that you have provided to us, select the “My Profile” feature within the Web Site. You may view your transaction history by selecting “View Payment History”. For any other requests to access your information, please email our Privacy Officer at privacy@interac.ca.
1.4 Interac’s Use of Your Personal Information
Interac may use your personal information to contact and correspond with you, to respond to your inquiries, to determine whether to grant access to certain special features of the Interac e-Transfer site and to comply with legal requirements. Interac may also use information you provide to assemble statistical reporting for our participating financial institutions. Interac may use your information to conduct market research respecting the Interac e-Transfer service. Interac may use your information to compile statistical analysis of the behaviour of customers or groups of customers.
1.5 Retention of Your Information
In order to comply with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, Interac will keep a record of the information that you provide to us. We will maintain your transaction history and information provided to us by third parties. As always, once archived, your personal information is kept secure. It will only be released when required or allowed by law, for example in the case of an investigation or dispute.
1.6 Disclosure of Your Personal Information
Interac will not sell or rent any of your personally identifiable information to third parties. Interac will not share any of your personally identifiable information with third parties, except in the limited circumstances described above and/or below or with your express permission. Any third parties to whom we provide any of your personally identifiable information are limited by law or by contract from using that information for any purposes beyond the purposes for which the information is shared. Interac may disclose your personal information in the following circumstances:
INTERNAL USES:
We use the information we collect about you in order to provide our services, process your transactions, and to provide customer service.
DISCLOSURE TO OUR AGENTS AND PARTNERS:
Interac offers payment services only in association with its participating financial institutions. Agents and customer service representatives at these financial institutions have access to certain Interac stored information. In response to customer inquiries, they can trace payments, view a customer’s transaction history and access payment details. We disclose information that we, in good faith, believe is appropriate in investigations of fraud or other illegal activity or to conduct investigations of violations of our Terms of Use. We also exchange certain information with these financial institutions to allow each of us to establish whether any particular transaction, or series of transactions, needs to be reported to FINTRAC pursuant to the Proceeds of Crime (Money Laundering) and Anti-Terrorist Financing Act.
DISCLOSURE IN BUSINESS TRANSFERS:
Interac may be involved in the sale, transfer or reorganization of some or all of its business at some time in the future. As part of that sale, transfer or reorganization, Interac may disclose your personal information to the acquiring organization, but will take all reasonable measures to ensure that the acquiring organization agrees to protect the privacy of your personal information in a manner that is consistent with this Privacy Policy.
WHEN REQUIRED TO BY LAW:
Interac may disclose your personal information to a government institution that has asserted its lawful authority to obtain the information or where Interac has reasonable grounds to believe the information could be useful in the investigation of unlawful activity or to comply with a subpoena or warrant or an order made by a court, person or any other body with jurisdiction to compel the provision of information. Interac may also disclose your personal information in order to comply with court rules regarding the provision of records and information, to Interac’s legal counsel, or as otherwise permitted or required by law.
CONTACTING OUR CUSTOMERS:
We communicate with customers on a regular basis by electronic means to provide requested services, and we also communicate by telephone to resolve customer complaints or investigate suspicious transactions. We use your email address and/or telephone number to send you notice of transfers that you receive through the Interac e-Transfer service, and to send notices and other disclosures required by law. We also use your contact information to enable the market research company we use to contact you, to send information about important changes to our products and services.
1.7 Contacting Us
If you have any questions relating to the information we collect, how we use it, or why we collect it, please contact our Privacy Officer by email at privacy@interac.ca, call us at 1-888-238-6433 or write to us at:
Interac Corp.
Royal Bank Plaza, North Tower, P.O. Box 45
200 Bay Street, Suite 2400
Toronto, Ontario M5J 2J1
Canada
Copyright (c) 2015, 2023, Interac Corp. All rights reserved.
Except as permitted by law, no part of this document may be reproduced or transmitted by any process or means without prior written consent of Interac Corp.
Interac Corp, by publishing this document, does not guarantee that any information contained herein is and will remain accurate or that use of the information will ensure correct and faultless operation of the relevant service or equipment. Interac Corp, its agents and employees shall not be held liable to or through any user for any loss or damage whatsoever resulting from reliance on the information contained herein.
Published by Interac Corp, Royal Bank Plaza, North Tower, P.O. Box 45, 200 Bay Street, Suite 2400, Toronto, Ontario M5J 2J1
https://www.interac.ca/interac-e-transfer-consumer
®, ™: Trade-mark of Interac Corp. Used under license.
Process for Handling Inquiries & Complaints
Individuals have the right to make inquiries or complaints about the collection, use, disclosure, or other processing of their personal information by Interac, or otherwise regarding Interac’s compliance with applicable privacy and data protection laws.
Managing your inquiries and complaints
If you think that your personal information has been improperly collected, used, or disclosed by Interac, or if you have a request or concern with respect to your personal information in our records, you may contact us and voice your concern in writing to our Privacy Office through the following channels:
- By email at: privacy@interac.ca
- By mail at:
  Interac Corp.
  Royal Bank Plaza, North Tower, P.O. Box 45
  200 Bay Street, Suite 2400
  Toronto ON, M5J 2J1
  Canada
  (Attention: Privacy Office)
Be sure to include enough information for us to identify you in our records (e.g., full name, account numbers, address) and to contact you. It would also be useful for you to include the following information:
- Explain the reason why you are contacting us;
- Provide details about your request or concern and any specific issues. Briefly explain what occurred and, if applicable, what impact it has had on you; and
- If appropriate, state the specific action you would like us to take.
If you require help preparing your request, please feel free to reach out to us for assistance.
We take your inquiries and complaints seriously
Interac employees who receive or are made aware of an inquiry or complaint must:
- Record the date on which the inquiry or complaint is received, together with its nature; and
- Immediately refer or forward the inquiry or complaint to Interac’s Privacy Office at privacy@interac.ca.
The Privacy Office shall be responsible for undertaking a reasonable investigation into and responding, in writing, to all such inquiries and complaints. In particular, the Privacy Office shall:
- Acknowledge receipt of the inquiry or complaint promptly;
- Validate/confirm the identity of the individual/claimant;
- Seek clarification regarding the inquiry or complaint, as needed;
- Fairly and impartially evaluate the validity of a complaint, having regard to all relevant factors;
- Notify the individual of the response to their inquiry or outcome of their complaint, together with any steps taken as a result of the inquiry or complaint, within the time period required by applicable law;
- If a complaint is found to be justified, take appropriate measures to address and rectify the substance of the complaint and to ensure compliance with the applicable laws, including, if necessary, correcting any inaccurate personal information and/or amending Interac’s policies and procedures concerning the processing of personal information; and
- Ensure that relevant Interac employees are aware of any changes to Interac’s policies and procedures as a result of an inquiry or complaint, including arranging for necessary training to implement and give effect to such changes.
Records of decisions made with respect to an inquiry or complaint, and any personal information that is the subject of an access request or a request for rectification, will be maintained for as long as necessary to allow the relevant individual(s) to exhaust any recourse they may have under applicable laws.
If you are not satisfied with our resolution of your personal information request or concern, you can contact the applicable privacy commissioner in your jurisdiction for additional information.
Roles and Responsibilities of Interac Personnel Throughout the Lifecycle of Personal Information
Interac Corp. takes steps to process personal information in a manner that respects the confidentiality of such information, protects the integrity of the information so that decisions will be made based on accurate information, and accomplishes the purposes for collecting the data. Interac’s overall goal is to comply with the applicable legal and regulatory requirements, as well as develop and follow practices for managing data in a manner that builds and maintains the trust and confidence of you and our Clients and Participants, while still permitting efficient and effective operation of our organization and delivery of our Services.
Interac personnel will have the following roles and responsibilities with respect to handling personal information throughout its lifecycle within our organization:
- Chief Legal Officer
- Designated by Interac’s Governance Committee as the corporate officer responsible for privacy at Interac and the Interac Privacy Office.
- Overall responsibility for ensuring that Interac complies with applicable privacy and data protection legislation, including the Act respecting the protection of personal information in the private sector (Quebec).
- Delegating necessary functions to ensure Interac’s compliance with applicable privacy and data protection legislation, including the Act respecting the protection of personal information in the private sector (Quebec).
- Interac Privacy Office
- Promoting privacy and data protection within our organization.
- Developing, executing, maintaining, and enhancing policies, standards, and procedures to appropriately manage and safeguard personal information in accordance with applicable laws, contractual requirements, and expectations of all stakeholders.
- Monitoring and preparing for legislative and regulatory changes.
- Developing appropriate consent processes for collection, use, and disclosure of personal information.
- Confirming that appropriate security controls are developed, implemented, and maintained to protect personal information in a manner that is consistent with the sensitivity of the information.
- Developing standard privacy and data protection contractual terms for vendors, and approval of any deviations from these privacy and data protection terms.
- Developing and/or facilitating delivery of privacy training to personnel.
- Managing and responding to demands or requests for access and rectification of personal information, and other data subject requests.
- Directing and managing compliance with court orders and other legal processes requiring disclosure of personal information.
- Receiving, investigating, and responding to privacy complaints.
- Participating as a stakeholder in vendor risk management review, selection, and monitoring of vendors who handle or have access to personal information.
- Developing, reviewing, and initiating standards and procedures for implementing privacy by design for new products and services.
- Advising and guiding the Chief Data Office on appropriate data retention periods.
- Communicating with privacy regulators, including in the event of a complaint or investigation.
- Collaborating with Information Security to oversee privacy breach and privacy incident response, reporting, and communication protocols (for both contractual and legislative obligations).
- Chief Information Security Officer and Information Security Office
- Defining, implementing, maintaining, and enforcing policies, procedures and safeguards related to information technology and systems of record.
- Designing, implementing, and maintaining computing hardware, software, processes, and controls, as needed to support the effective, compliant management of records throughout their lifecycle.
- Developing data back-up policies and procedures. Regularly testing back-ups.
- Conducting vulnerability assessments, as well as security threat and risk assessments. Developing and managing risk mitigation plans.
- Notifying the Interac Privacy Office of any data breach, technology failure, or other incident that results in (or may result in) loss of or unauthorized access to or disclosure of personal information (or other confidentiality incident). Participating and fully cooperating in any investigation into such incidents (including cooperating with outside investigators, where applicable).
- Chief Data Office
- Governing data across Interac by providing best practices and support around how to handle various types of data.
- Developing an appropriate data retention and destruction strategy with privacy-related guidance from Interac’s Privacy Office.
- Providing access to governed, trustworthy, and high-quality data that can be used for decision making.
- Human Resources
- Managing employee personal information in accordance with Interac governance frameworks and applicable laws.
- Seeking guidance from the Interac Privacy Office if they are unsure of their obligations under Interac policies, standards, and procedures or applicable law.
- Promptly notifying the Interac Privacy Office of any confidentiality incident or other loss or theft of, or unauthorized access to, use or disclosure of, personal information.
- Promptly notifying the Interac Privacy Office of any access request, privacy inquiry, or complaint.
- Enterprise Vendor Management Office
- Selecting and managing vendors that handle or have access to personal information, supported by Interac’s Privacy Office, Legal, Risk Management, and Information Security teams.
- Other Personnel
All Interac Personnel who have access to personal information are responsible for:
- Reviewing and acting in compliance with this policy and related policies, standards, and procedures.
- Notifying individuals of the purposes for which their personal information will be collected, used, and disclosed, and obtaining consents in accordance with Interac policies and procedures, where applicable.
- Limiting collection of personal information to what is needed to accomplish the purposes identified to individuals, in accordance with Interac policies, standards and procedures.
- Refraining from accessing, using, or disclosing personal information unless required for performance of their job duties and permitted by applicable policies, standards, and procedures.
- Taking reasonable steps to confirm that information is accurate and up-to-date before using personal information, where appropriate.
- Seeking guidance from the Interac Privacy Office if they are unsure of their obligations under Interac policies, standards, and procedures or applicable law.
- Regularly identifying and disposing of transitory information, which is no longer needed to support business activities, in a secure manner and in accordance with Interac’s retention and destruction policies and procedures.
- Promptly notifying the Interac Privacy Office of any confidentiality incident or other loss or theft of, or unauthorized access to, use, or disclosure of, personal information.
- Promptly notifying the Interac Privacy Office of any access request, privacy inquiry, or complaint.
Interac will take steps to communicate to personnel their roles and responsibilities in connection with processing personal information, as described above.
Interac verification service Terms and Conditions and Privacy Notice
INTERAC® VERIFICATION SERVICE – TERMS AND CONDITIONS
LAST UPDATED: September 29, 2024
Please carefully read this Agreement before agreeing to use the Interac verification service (the “Service”). The Service allows you to authorize Identity & Data Providers to provide certain User Information about you to Relying Parties chosen by you. This Agreement is between you and 2859824 ONTARIO LIMITED (“Interac”, “us”, “we” or “our”), a subsidiary of Interac Corp.
By clicking “Agree”,
- you are agreeing to be bound by this Agreement; and
- you are confirming either that you have reached the age of majority in the province in which you reside or that you are a minor and your parent or legal guardian has had an opportunity to review this Agreement and has consented to your use of the Service.
This Agreement takes effect on the date that you click “Agree”.
If you do not agree to this Agreement, click “Cancel” and you may not use the Service.
DEFINITIONS:
- “Agreement” means these Interac verification service Terms and Conditions and the Interac verification service Privacy Notice, which is incorporated into this Agreement, as may be amended by Interac from time to time upon notice to you in accordance with section 12.
- “Credentials” means the credentials that you use for authentication purposes to access services at your Financial Institution or which are otherwise required by your Financial Institution to access the Service, such as username, password, card number, biometric identifiers (including fingerprints, voice patterns and facial recognition), one-time passcode or other information.
- “Electronic Access Device” means a cell phone, smart phone, mobile device, desktop or personal computer, tablet or other electronic device that you may use to access the Service.
- “Financial Institution” or “FI” means the financial institution in Canada with which you have a current banking relationship that has agreed to be an Identity & Data Provider and that you have chosen to act as your first Identity & Data Provider.
- “Identity & Data Provider” (which may sometimes be referred to as a ‘connection’) means an eligible organization in Canada that participates in the Service and that generates or holds User Information, including a financial institution, credit bureau, telecommunications provider, government departments and agencies and other eligible third parties.
- “Modification” has the meaning set out in section 4.
- “Personal Information” means information about an identifiable individual, including: name, email address, mobile or home phone number(s), mailing address, date of birth and certain of your account, profile or other information.
- “Privacy Notice” means the privacy notice located at https://stage.interac.ca/verification-service/terms-and-conditions-and-privacy-notice/#privacy-notice or any successor URL.
- “Released Parties” means Interac, your Financial Institution and all other Identity & Data Providers and Relying Parties that participate in the Service, and, as applicable, their respective affiliates, subsidiaries, divisions, suppliers and service providers, and all of their respective directors, officers, employees and agents, and “Released Party” means any one of them.
- “Relying Party” means an eligible organization in Canada that participates in the Service and that asks you to provide User Information through the Service to facilitate its interactions with you, for example, to help verify your identity or eligibility for Third Party Offerings. When adding a new Identity & Data Provider as a connection, you may be asked to share User Information with that new Identity & Data Provider; for the purposes of that sharing transaction, that Identity & Data Provider will be deemed to be a Relying Party.
- “Third Party Offerings” has the meaning set out in section 7.
- “Third Party Terms” has the meaning set out in section 7.
- “User Information” means all Personal Information and other information about you, that is generated or held by Identity & Data Providers and that is available to be shared through the Service.
- “you” or “your” means the person who wishes to use the Service, and whose Credentials have been used to register for the Service.
SERVICE CLAUSES:
1. THE SERVICE
The Service is provided and operated by Interac. Interac will not charge you a fee to use the Service.
In order to register to use the Service, you will be required to select a financial institution with which you have an online banking relationship to create your Interac verification service account.
During your initial registration to use the Service and prior to each use of the Service, your Financial Institution will authenticate you using your Credentials. The use of your Credentials to authenticate you is subject to and governed by the terms of your agreement with your Financial Institution.
This Financial Institution will then, for the purposes of the Service, become your first Identity & Data Provider. The Personal Information your Financial Institution has about you and which may be shown as part of the registration process will be your initial User Information for the Service. If any of your displayed initial User Information is incorrect, you must discontinue the registration process and contact your Financial Institution to update your information. After updating your information, you may attempt to register for the Service again.
After registration, (1) you will have an opportunity to add additional Identity & Data Providers as connections, and (2) additional User Information from your Identity & Data Providers, including your Financial Institution, may be added to your Interac verification service account.
The Service allows you to authorize your selected Identity & Data Providers to share certain of your User Information with a Relying Party to facilitate your interactions with the Relying Party (or if that Relying Party is another Identity & Data Provider, to facilitate its addition as a connection and enable your future sharing transactions). No User Information will be shared without your authorization, except to the extent such User Information may be shared with your mobile telecommunications provider or its authorized agent for the purposes of (1) verifying your mobile number associated with your Electronic Access Device, if any, or (2) completing certain security assessments associated with your Electronic Access Device.
Except (1) in connection with a specific transaction where you expressly agree, (2) where the identity of the Identity & Data Provider or Relying Party is evident due to the nature of the transaction, the User Information that you agree to share or the then current participants in the Service, (3) as required by law, or (4) if an investigation is required (for example, as a result of an actual (or suspected) unauthorized transaction):
- an Identity & Data Provider will not know which Relying Party receives your User Information, and
- a Relying Party will not know which Identity & Data Provider(s) provide your User Information.
2. YOUR RESPONSIBILITY FOR USE OF YOUR ELECTRONIC ACCESS DEVICE, YOUR CREDENTIALS AND THE ACCURACY OF YOUR USER INFORMATION
Your obligation to protect your Electronic Access Device, your Credentials, and the other information that you use to access and use your Electronic Access Device may be governed by your agreement with your Financial Institution. You will not be able to access the Service if your Financial Institution suspends or revokes your Credentials. If you suspect unauthorized use of your Credentials to access the Service, you should immediately notify your Financial Institution. Once the Service has been accessed using your Credentials, you are responsible for any instruction or consent given regarding your User Information, including any sharing transaction where your User Information has been provided to a Relying Party or another Identity & Data Provider. You must close the browser session of the Interac verification service upon completion of an Interac verification service transaction.
You will have an opportunity to review certain of your User Information maintained by the applicable Identity & Data Provider(s) that the Relying Party has requested be shared before you agree to share information with that Relying Party. You are responsible for ensuring that any such User Information is accurate and up to date. You are also responsible for ensuring the accuracy of your User Information in the systems of the applicable Identity & Data Provider(s) before you share it. If any User Information is inaccurate, you agree to notify the Identity & Data Provider that maintains such User Information before you agree to share that User Information through the Service. In addition, you agree that you will not knowingly use the Service to share any inaccurate User Information.
3. PERSONAL INFORMATION
When you agree to share User Information from your Identity & Data Provider(s) with a Relying Party through the Service, you are providing express consent to share all Personal Information that is included in such User Information. Although your User Information was originally collected by or on behalf of your Identity & Data Provider(s) under their respective terms and privacy policies, when you authorize your User Information to be shared with a Relying Party through the Service, you consent to the handling of all User Information shared through the Service (including all Personal Information) in accordance with this Agreement, including, for greater certainty, the Privacy Notice.
For more information about the collection, use and disclosure of your Personal Information as part of the Service, please see the Privacy Notice.
Once your User Information has been sent to a Relying Party through the Service with your consent (other than to another Identity & Data Provider for the purposes of adding them as a connection), it is handled in accordance with the Relying Party’s privacy policy, its agreements with you, and all applicable laws.
When you share your User Information with a Relying Party that is another Identity & Data Provider for the purposes of adding them as a connection, that Identity & Data Provider is only entitled to use and handle that User Information for the purposes of attempting to match that information with information about you in its or its service provider’s systems or records to facilitate their addition as a connection and for no other purpose. Subject to this agreed limited use, your User Information is collected, used, disclosed and retained by the Identity & Data Provider in accordance with its privacy policy, any agreements it has with you and all applicable laws.
Neither Interac, nor any Identity & Data Provider is responsible or liable for any use or disclosure by any Relying Party of User Information provided to that Relying Party through the Service.
4. MODIFICATION OF SERVICE OR TERMINATION OF SERVICE BY US
Modification
We reserve the right at any time to modify the Service, including the addition, modification or removal of Service features or functionality (collectively, a “Modification”). Information on Modifications will be made available at https://www.interac.ca/en/verification-service/ and/or through the Interac verification service application. All Modifications will be subject to this Agreement. Subject to section 12, if applicable, your continued use of the Service after implementation of a Modification will mean that you agree to that Modification and its applicability to you.
Suspension or Termination
We reserve the right to interrupt, restrict or limit your use of the Service (or any part thereof), or to temporarily or permanently suspend, discontinue or terminate the Service or your participation in it, at any time.
5. DISCONTINUING THE USE OF THE SERVICE BY YOU
You may discontinue your use of the Service at any time by closing your Interac verification service account.
You can close your Interac verification service account by following the steps outlined here: How to Close your Interac verification service Account. You may also be able to close your Interac verification service account through your Financial Institution.
Closing your Interac verification service account will mean that you no longer have an active Interac verification service account, you will not be able to initiate new transactions to share User Information with Relying Parties, sharing transactions that you previously authorized may not be completed, and you will not have access to any transaction records that summarize previous Interac verification service account activities. However, closing your Interac verification service account will not affect (1) any of the User Information held by your Identity & Data Providers or shared with your Relying Parties, or (2) any transaction records maintained by the Service.
If you wish to use the Service in the future after closing your Interac verification service account, you will need to complete the Service registration process again and set up a new Interac verification service account. You can use your existing Credentials to open your new Interac verification service account.
6. INTELLECTUAL PROPERTY OWNERSHIP, RESERVATION OF RIGHTS
The Service is the intellectual property of Interac and its suppliers and licensors, and is protected by law, including the intellectual property laws of Canada, the United States and other countries, and by international treaty provisions. Except as expressly stated in this Agreement, this Agreement does not grant you any ownership rights in or to the intellectual property in the Service. All rights in the Service not expressly granted are reserved by Interac and its suppliers and licensors.
7. THIRD PARTY OFFERINGS
The Service is designed to facilitate your interaction with various online services, websites and applications offered by Relying Parties (or, in certain instances, one of your Identity & Data Providers), including your access to or purchase of any products, services or information from them (“Third Party Offerings”). Third Party Offerings are provided by the applicable third party, and are not provided as part of the Service.
Your access to and use of any Third Party Offering is governed by the terms and conditions respecting such Third Party Offering found on or through the applicable website, application or elsewhere (“Third Party Terms”). This Agreement does not change any Third Party Terms. You are solely responsible for fulfilling any commitments you make to the third party making the Third Party Offering available to you.
No Released Party endorses or makes any representations, warranties or guarantees with respect to any Third Party Offering, or is liable to you in any way with respect to any Third Party Offering (except if it is also the provider of the Third Party Offering, in which case the Third Party Terms apply to such Third Party Offering).
LIMITATIONS AND WARRANTIES CLAUSES:
8. No Warranties or Conditions
You agree that your use of and access to the Service is at your sole risk. The Service is provided on an “as is” and an “as available” basis.
No Released Party warrants the performance or results you may obtain by using the Service or that the Service will be error-free or uninterrupted, except to the extent any warranty, condition, representation or term cannot or may not be excluded or limited by law applicable to you in your jurisdiction.
Without limiting the foregoing, no Released Party makes any representations, warranties or conditions (express, implied or collateral whether by statute, common law, custom, course of dealing, usage of trade or otherwise) as to the Service including non-infringement of third party rights, merchantability, title, integration, security, accessibility, availability, accuracy, reliability, quiet enjoyment, satisfactory quality, or fitness for any particular or general purpose.
If you are a consumer within the meaning of applicable provincial or territorial consumer protection legislation, this section does not limit any legal rights that such legislation does not allow you as a consumer to waive. In particular, the limitation of Interac’s liability for the consequences of its acts will not apply if (1) the Consumer Protection Act (Quebec) applies to this Agreement, and (2) you are a consumer within the meaning of that Act and you reside or are domiciled in the Province of Quebec. The liability of each Released Party will be limited to the fullest extent permitted by applicable law.
Interac is not charging you for the Service based, in part, on the allocation of liability between you and each Released Party as set out in this section.
No Released Party will be responsible for lost profits, revenues, business or data; loss of privacy; damage to reputation; indirect, incidental, special, consequential, exemplary or punitive or other similar damages; or, to the extent permitted by law, direct losses or damages; in each case, relating to, arising out of, or in any way in connection with this Agreement or your use of or inability to use the Service, regardless of the cause of action (for example, contract, tort or otherwise), even if any Released Party has been advised of the possibility of such damages.
This Agreement sets forth the entire liability of the Released Parties and your exclusive remedy with respect to the Service and its use.
GENERAL CLAUSES:
10. Assignment
You may not assign this Agreement. We may assign this Agreement to any successor provider of the Service by providing notice to you.
11. Entire Agreement
This Agreement represents the entire agreement between you and us concerning the Service.
12. Amendment and Termination of the Agreement
Amendment
We reserve the right at any time to amend this Agreement by notifying you of such amendment at https://www.interac.ca/en/legal/#interac-verification-service-terms-and-conditions-and-privacy-notice and/or through the Interac verification service when you next use it. Your continued use of the Service after being notified of an amendment will mean that you agree to the new form of this Agreement, as amended.
If you do not agree to an amendment, you must close your Interac verification service account as contemplated in section 5. You may not amend this Agreement.
Termination
You may terminate this Agreement at any time for any reason by closing your Interac verification service account as contemplated in section 5.
This Agreement will terminate immediately without notice from us if you fail to comply with any provision of this Agreement, if we permanently terminate the Service or your participation in the Service or if your Interac verification service account is permanently closed for any reason.
Upon the termination of this Agreement, you will no longer be able to access the Service.
13. Governing Law and Jurisdiction
If you reside or are domiciled in the Province of Quebec, this Agreement is governed by the laws of the Province of Quebec, and any dispute relating to this Agreement will be subject to the exclusive jurisdiction of the Courts of the Province of Quebec.
Otherwise, you agree that this Agreement is governed by the laws of the Province of Ontario, and that any dispute relating to this Agreement will be subject to the exclusive jurisdiction of the Courts of the Province of Ontario, in the City of Toronto.
14. Additional Provisions
If any part of this Agreement is found to be void or invalid and unenforceable, it will not affect the validity of the remaining provisions of this Agreement, which will remain valid and enforceable according to its terms. The failure to enforce any term of this Agreement on one occasion will not prevent enforcement on any other occasion or the enforcement of any other term. Headings and captions will not be considered included for purposes of interpretation or application hereof, but are for convenience only.
Unless otherwise required by applicable law (1) you agree that you may not bring a legal action, regardless of form, for any claim arising out of or related to this Agreement more than two years after the cause of action arose, and (2) upon the expiration of such time limit, any such claim and all respective rights related to the claim lapse.
Except as expressly stated in this Agreement, there are no third party beneficiaries to this Agreement. The parties expressly acknowledge and agree that the Released Parties are third party beneficiaries of this Agreement, and it is agreed that we are acting as agent and trustee for them in respect of their rights under this Agreement.
15. Survival
Sections 2, 3, 5, 6, 8, 9, 10, 11, 13, 14 and this section 15, and such other provisions that by their nature should survive termination will survive the termination of this Agreement for any reason.
16. Contact Information
If you have any questions, suggestions or feedback (collectively, “feedback”) about the Service or this Agreement, please submit such feedback to feedback@interac.ca. By submitting feedback to us, you agree that we may use such feedback for any purpose related to the Service without any obligation to compensate you.
17. Copies of These Terms
A copy of this Agreement will be available through our website at https://www.interac.ca/en/legal/#interac-verification-service-terms-and-conditions-and-privacy-notice. If you wish to retain a copy of this Agreement, you may print it from our website.
Interac and the Interac logo are trademarks of Interac Corp.
Interac® verification service – PRIVACY NOTICE
Last Updated: September 29, 2024
The Interac® verification service is an information management and sharing service provided by 2859824 Ontario Limited (“Interac”, “us”, “we” or “our”), a subsidiary of Interac Corp. Interac is committed to respecting and protecting your privacy and the security of your Personal Information. This Privacy Notice explains how information about an identifiable individual (“Personal Information”) is collected, used, disclosed, stored, retained, processed and safeguarded in connection with use of the Interac verification service and the Interac verification service web application (collectively, the “Service”). By using the Service, you agree and consent to the collection, use, disclosure, storage, retention, processing and safeguarding of your Personal Information in accordance with this Privacy Notice.
About the Service
The Service allows you to authorize your selected Identity & Data Providers to share certain of your information with Relying Parties.
Activity Data means Personal Information and other information that is collected or generated by Interac and its authorized service providers for the purposes of operating and maintaining the Service. Activity Data collected for these purposes includes general information about your transactions, such as the type of Relying Party with which you consented to share your User Information, as well as the type and the sensitivity level of the information you are sharing.
Identity & Data Provider (which may sometimes be referred to as a ‘connection’) means an eligible organization in Canada that participates in the Service and that generates or holds certain information about you. Examples of Identity & Data Providers include financial institutions, credit bureaus, telecommunications providers, government departments and agencies and other eligible third parties.
Relying Party means an eligible organization in Canada that participates in the Service and that asks you to provide certain of your User Information through the Service to facilitate its interactions with you, for example, to help verify your identity or eligibility for product or service offerings. Examples of potential Relying Parties include financial institutions (e.g., for online bank account applications), telecommunications service providers (e.g., for account opening and service or device eligibility), online merchants (e.g., for hotel bookings), government departments and agencies (e.g., for program eligibility) and other eligible third parties. When adding a new Identity & Data Provider as a connection, you may be asked to share certain User Information with that new Identity & Data Provider. For the purposes of that sharing of User Information, that Identity & Data Provider will be deemed to be a Relying Party.
User Information means Personal Information that is generated or held by Identity & Data Providers and that is available to be shared through the Service.
You, you or your means the person who wishes to use the Service, and whose Credentials (as defined below) have been used to register for the Service.
How we collect and use your information
REGISTRATION
The Service registration process requires you to select the financial institution in Canada that is participating in the Service (“Financial Institution” or “FI”) that you have an active and existing business relationship with to create your Interac verification service profile, which will form the basis of your Canadian Interac verification service account. This FI will become your first Identity & Data Provider.
As part of the registration process, and prior to each use of the Service, your FI will authenticate you using your existing banking credentials that you use for authentication purposes to access services at your FI or which are otherwise required by your FI to access the Service, such as username, password, card number, biometric identifiers (including fingerprints, voice patterns and facial recognition), one-time passcode or other information (collectively, “Credentials”). Once you are initially authenticated by your FI, your FI will create and store an individualized Interac verification service account identifier for you which is distinct from your Credentials and will register this identifier with the Service.
Following your successful authentication using your Credentials during the registration process, your selected FI will provide a summary of your User Information available for you to share with Relying Parties. If any of your User Information displayed during registration is incorrect, you must discontinue the registration process and contact your FI to update your User Information in its files, to the extent required.
CONSENT TO SHARE YOUR INFORMATION
The Service allows you to authorize your selected Identity & Data Providers to share certain of your User Information with a Relying Party to facilitate your interactions with the Relying Party (or if that Relying Party is another Identity & Data Provider, to facilitate its addition as a connection) with your express consent. Although your User Information was collected by or on behalf of your FI and other Identity & Data Providers under their respective terms and privacy policies, when you authorize your User Information to be shared with a Relying Party (including a Relying Party that is another Identity & Data Provider solely for the purposes of adding them as a connection through the Service), it is collected, used, disclosed, stored, retained, processed and safeguarded by the Service under the terms of this Privacy Notice and, as noted above, only with your express consent. Once the information is received by the Relying Party (other than another Identity & Data Provider for the purposes of adding them as a connection), it is used, disclosed and retained in accordance with the privacy policy of the Relying Party, its agreement with you and all applicable laws.
When you share your User Information with a Relying Party that is another Identity & Data Provider for the purposes of adding them as a connection, that Identity & Data Provider is only entitled to use and handle that User Information for the purposes of attempting to match that information with information about you in the Identity & Data Provider’s system to facilitate their addition as a connection and for no other purpose. Subject to this agreed limited use, your User Information is collected, used, disclosed, retained, stored, processed and safeguarded by the Identity & Data Provider in accordance with its privacy policy, any agreements it has with you and all applicable laws.
In addition, Interac may have access to your Credentials, or to other Personal Information that you have provided, to facilitate the Service and/or other services that you may agree to use in connection with the Service. Any Personal Information provided for use with other services will be collected, used, disclosed and retained in accordance with the privacy policies applicable to those other services and will not be subject to this Privacy Notice.
GENERAL
Interac may, but is not obligated to, monitor the Service in an effort to identify unauthorized use and to protect users and Service participants (namely, FIs and other Identity & Data Providers and Relying Parties).
Activity Data collected or generated by the Service also includes information about activities that occur with your Interac verification service account, including, for example, your registration with the Service, successful and failed logins from your electronic access device (as defined below), information about your electronic access device, such as its model, operating system, device ID and MAC address, connections established with new Identity & Data Providers, and consents to share your User Information. (For the purposes of this Privacy Notice, “electronic access device” includes your cell phone, smart phone, mobile device, desktop or personal computer, tablet or other electronic device that you may use to access the Service.)
MOBILE PHONE NUMBER COLLECTION AND USE BY RELYING PARTY IN RELATION TO THE Interac® verification service
A Relying Party may collect and use your mobile phone number to send you a link (via text message) to engage with the Service. The mobile phone number that you provide for this purpose is collected by the Relying Party (not by Interac) and is subject to the Relying Party’s privacy policy and any other agreement it may have with you.
Protecting your information
All of your User Information that you authorize an Identity & Data Provider to share with a Relying Party through the Service will be protected with security mechanisms intended to prevent your User Information from being identified, accessed or misused when it is sent through the Service.
Your Activity Data is stored in protected form. Only authorized personnel will have the ability to retrieve Activity Data from the Service’s audit systems.
Disclosing your information
The Service allows you to authorize your selected Identity & Data Providers to share certain of your User Information with a Relying Party to facilitate your interactions with the Relying Party (or if that Relying Party is another Identity & Data Provider, to facilitate its addition as a connection) with your express consent. Because your User Information may include private or confidential Personal Information, please ensure that you understand how it will be used and further disclosed by a Relying Party before giving your consent to share any of your User Information.
Interac may report suspected fraudulent activity to Service participants, including the FI you selected when first registering for the Service, or other parties as permitted or required by law, and certain of your Personal Information may be included in those reports to assist with fraud prevention, detection, investigation and remediation.
In connection with providing the Service, Interac may transfer or provide access to your Personal Information to outside agents or service providers that perform services on our behalf (e.g., data hosting or processing services), or that otherwise collect, use, disclose, store, retain, process or safeguard information on our behalf for the purposes described in this Privacy Notice. Interac requires such service providers to maintain comparable protections over Personal Information shared with them.
We may also disclose Personal Information: (a) to any governmental authority where required by law, (b) in response to a court order, subpoena, discovery rule, or other lawful request, (c) as otherwise required under any applicable law, rule, or regulation, (d) in good faith, if an investigation is required (for example, as a result of a potential privacy breach or unauthorized transaction(s)), or (e) to protect or defend our rights or property or those of other persons.
If we sell our business or any part thereof that operates any portion of the Service, we may transfer Activity Data to prospective purchasers to the extent necessary to enable consideration of the transaction. We may also transfer any Personal Information in our control at the time of such a transaction to the purchaser so that the purchaser can continue to operate the Service after the transaction has been completed.
Storing and retaining your information
When you consent to the sharing of your User Information from an Identity & Data Provider to a Relying Party through the Service, your User Information is temporarily held in our networks to facilitate the successful transfer. Information is purged from the network in accordance with our record retention policies.
User Information that is made available on your electronic access device for your review before you consent to having it shared with a Relying Party by the applicable Identity & Data Provider(s) is maintained within the Identity & Data Provider’s systems and is not stored locally on your electronic access device.
Other information that we generate or collect in order to provide the Service, such as account identifiers and other Activity Data, is only retained for as long as necessary to administer the Service.
Activity Data is stored by the Service for legal, regulatory, suspected fraudulent activity investigations and dispute resolution purposes in accordance with our record retention rules.
Personal Information that is stored by the Service is maintained on our servers, or those of our service providers, and is accessible only by our authorized employees, representatives and service providers who require access in connection with their responsibilities.
Suspending or closing your Interac® verification service account
Authorized personnel of Interac or its service providers supporting the operation of the Service have the ability to suspend or delete (close) your Interac verification service account in accordance with the Interac verification service Terms and Conditions governing your use of the Service. In the event your Interac verification service account is suspended and you wish to have it re-activated, you can obtain information at https://www.interac.ca/consumers/support/faq-consumers/#faq-interac-verification-service. You may also wish to contact your FI’s Customer Support team to obtain additional details and required steps in order to reactivate your Interac verification service account.
You may discontinue your use of the Service at any time by closing your Interac verification service account.
To close your Interac verification service account, please follow the steps outlined here: How to Close your Interac® verification service account. You may also be able to close your Interac verification service account through your FI.
Closing your Interac verification service account will mean that you no longer have an active Interac verification service account, you will not be able to initiate new transactions to share your User Information with Relying Parties, sharing transactions that you previously authorized may not be completed, and you will not have access to any transaction records that summarize previous Interac verification service account activities. However, closing your Interac verification service account will not affect (1) any of your User Information held by your Identity & Data Providers or previously shared with your Relying Parties, (2) any transaction records or other Activity Data maintained by the Service; or (3) any Personal Information which you have provided for use with other services.
If you wish to use the Service in the future after closing your Interac verification service account, you will need to complete the Service registration process again and set up a new Interac verification service account. You can use your existing Credentials to open your new Interac verification service account.
Accessing and correcting your information
Your User Information resides with your applicable Identity & Data Providers and with Relying Parties with which you have chosen to share it. Although your User Information may be shared with Relying Parties (with your consent) via the Service, Interac is not an Identity & Data Provider. Requests for access to your User Information, including requests to correct or modify it, must therefore be made by you directly to your Identity & Data Providers or Relying Parties.
In connection with sharing transactions, you will have an opportunity to view a summary of certain of your User Information within the Interac verification service web application before you authorize your User Information to be shared with a Relying Party. The viewable User Information will be displayed within the Interac verification service web application. Identity & Data Providers may provide you with details on how to update or correct your User Information within the Identity & Data Provider’s files, or you may have to contact them to update or correct your User Information.
You can obtain additional information on how to access or correct your Personal Information by visiting our Support Centre at https://www.interac.ca/consumers/support/faq-consumers/#faq_98665.
Notifications
Depending on the FI you select to associate your Interac verification service account with, you may receive notifications of some of your Service activities from your FI, such as registration completion and on authentication events occurring within your Interac verification service account. These notifications are intended to provide you with information on Service usage so that you may act upon notifications that you do not recognize as yours. None of the Relying Parties or Identity & Data Providers that participate in the Service are permitted to send you unprompted emails or text messages asking for personal details through the Service.
Dispute resolution, questions or concerns
In the event you identify transaction(s) that you have not authorized or receive a notification from your FI regarding (or otherwise become aware of) unauthorized activity with your Interac verification service account, please contact customer support of your FI with which you associated your Interac verification service account. Upon your authorization, your FI’s customer support personnel will be able to retrieve your Interac verification service activity information and work with you to report unauthorized transactions to Interac and/or its service providers.
General queries or concerns on the privacy aspects of the Service may be directed to the Interac Privacy Officer. Contact details are provided below.
Third party participants
This Privacy Notice applies to the collection, use, disclosure, storage and retention of Personal Information in connection with the operation of the Service by Interac and its service providers, including third parties that host and operate certain components of the Service on behalf of Interac. This Privacy Notice does not apply to your FI or any of the Identity & Data Providers and Relying Parties that use, handle, disclose or retain your Personal Information in connection with your dealings with them that are distinct from the Service, and such parties will be governed by their own privacy policies and agreements with you when they collect, use, disclose, store, retain, process or safeguard your User Information in the ordinary course of their dealings with you outside of the Service.
Privacy Notice changes
This Privacy Notice is effective as of the date shown above and may be revised from time to time. We encourage you to review this Privacy Notice frequently to obtain the current version. Your continued use of the Service following any changes to this Privacy Notice constitutes your acceptance of any such changes.
For more information
If you require clarification about this Privacy Notice, or would like to request more information about the Service, including who to contact to request access for your Interac verification service account information, please contact our Privacy Office at privacy@interac.ca or in writing to:
Interac Privacy Office
200 Bay Street, Suite 2400
P.O. Box 45, Toronto, Ontario M5J 2J1
Canada
Interac is a trademark of Interac Corp.
Interac® document verification service – Privacy Policy
Privacy Policy
Last Updated: March 21, 2024
This Privacy Policy explains how 2859824 Ontario Limited (“Interac”, “us”, “we”, “our”), a subsidiary of Interac Corp., collects, uses, discloses, stores, safeguards, processes and retains personal information in the course of offering and providing the Interac® document verification service. Our services facilitate digital identity verification capabilities, which may include document and facial recognition technologies along with data matching services that compare data from uploaded documents to data that you provide or that is generated or held by other data providers, including your mobile service provider (or its authorized agent), a credit bureau or your financial institution.
In some instances, the Interac document verification service may be used in conjunction with the Interac® verification service. For further information on the use of personal information on the Interac verification service please consult the Interac verification service privacy policy.
This policy does not apply to the practices of companies or other entities that Interac does not own or control, or to people that Interac does not employ or manage. When you supply, or authorize us to supply, personal information to a third party, the third party’s handling of that personal information is governed by the third party’s privacy policy.
1. What is “personal information”?
“Personal information” means information about an identifiable individual.
2. What personal information do we collect?
Interac collects personal information that you provide or authorize third parties to provide when you register for, use or interact with our software, services or website, and we do so via software development kits (“SDKs”), canvas fingerprinting, device token and/or application programming interface (“API”). More specifically, Interac may collect your name, address, telephone number, email address, information from your mobile service provider (e.g., certain account or SIM card information, including date of last change), geographic location information, images (selfies), videos and sound recordings of yourself; images, videos, and information of documents that you upload or provide through our services, which may include images of your driver’s license, passport, health card, and other government issued documents and the image metadata and biometric data, including facial scan data and numerical biometric data, extracted from all such images and videos. We collect the results of the various checks conducted as part of a biometric check. We may also collect information relating to the document status of any document that you upload or provide through our services and other similar information, including anonymized website usage data. We may also collect device data including browser and site/app usage information, device identifiers, internet protocol (IP) address, broad location data, information about the device you are using to access the service (for example the operating system used, whether the device is providing false randomized device and network information or has otherwise been compromised) and how you interact with the device, our website or app. The information is collected automatically as you interact with our services (through the use of our website or app) and through standard web technologies (e.g. JavaScript code). We may also collect personal information forming part of a fraud report.
3. How do we use personal information?
We collect your personal information:
- To provide you or third parties with services, including document validation through the Interac document verification service and other digital identity services;
- To provide support for our services, to respond to your queries and to send you information about our services;
- On behalf of certain eligible service providers (each, a “Relying Party”) that participate in the Interac verification service operated by Interac, provided that Interac hosts certain components required for a Relying Party’s use of the Interac verification service;
- For legitimate business purposes, including record keeping and to protect our rights, to enforce our policies;
- To create aggregate information to enhance and optimize our services; and
- To enable service enhancements that prevent and detect fraud, including comparison of user data submitted as part of an identity check (including biometric identifiers) to information previously verified, as well as identifying how often a unique device is used to create a new service applicant within a 24-hour window.
4. When do we disclose personal information?
We share your information with third parties in the following circumstances:
- If you use the Interac verification service provided by Interac to help verify your identity with a third-party service provider we will, with your consent, share your personal information with the relevant Relying Party(ies) engaged in the Interac verification service transaction;
- If you are using the Interac document verification service, we will share your personal information with the parties involved in the document validation transaction;
- To detect and prevent fraud;
- When service providers perform services and functions on our behalf, including data hosting, the provision of additional information to support document validation and other identity validation services, and document and image validation through the Interac document verification service;
- As required by law, to a government or regulatory authority in response to a legal investigation;
- In response to a court order, subpoena, discovery request or other lawful judicial or administrative proceeding;
- As otherwise required by any applicable law, rule or regulation;
- In good faith, to protect or defend the rights or property of Interac and other customers or users; and
- In the event that we go through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of our assets.
Please note that once you submit your personal information to Interac, in your use of the Interac document verification service, you will not be able to cancel the service transaction, nor will you be able to stop the generation of information by the service and its disclosure to your authorized third-party recipient(s).
5. How long do we retain your personal information?
We will retain your personal information for as long as reasonably necessary to fulfill the relevant purposes set out in this Privacy Policy and in order to comply with Interac’s legal or regulatory obligations. Without limiting the foregoing, we may retain your personal information for up to 60 days following your transaction, unless otherwise instructed, by the third-party you have authorized, to retain your personal information for a longer period of time. In the event that we host your personal information on behalf of a Relying Party participating in the Interac verification service, such information will be retained in accordance with our agreement with that Relying Party.
6. How do we protect your personal information?
The file containing your personal information will be maintained on our servers or those of our service provider(s) and will be accessible by authorized employees, contractors and service providers who require access for the purposes described in this policy. We have implemented technical, organizational and physical security measures appropriate to the sensitivity of the information and that follow standard industry practices to safeguard your personal information. These measures are designed to protect your information from unauthorized, accidental or unlawful access, disclosure, use and modification. From time to time, we review our security procedures to consider appropriate new technology and methods.
7. How do you access your information or inform us about inaccurate information?
It is your responsibility to inform us of any inaccurate personal information about you that is provided to us. You can request to access, correct, update, and delete your personal information at any time by contacting our Privacy Office.
8. How do you withdraw your consent to this policy?
You may withdraw your consent to the collection, use and disclosure of personal information about you at any time. To do this, please contact our Privacy Office. Withdrawal of your consent to the collection, use and disclosure of your personal information may result in us being unable to continue to provide services to you, including being unable to validate any images or documents through our services.
If you request to delete your personal information, we will fulfil your request, but some personal information may persist in backup copies for a certain period of time, and may be retained as necessary for legal purposes, in accordance with this policy and applicable laws.
Please note, however, that once you submit your personal information to Interac, you will not be able to cancel the service transaction, nor will you be able to stop the generation of information (including personal information) by the service, nor will you be able to withdraw your consent to its use by or disclosure to your authorized third-party recipients.
9. Additional information about cookies and data transfer
Our website uses cookies. A cookie is a small text file created by a website that is stored in the user’s device either temporarily for that session only or permanently on the hard disk (persistent cookie). Cookies provide a way for the website to recognize you and keep track of your preferences. By using our website and agreeing to this Privacy Policy, you consent to our use of cookies in accordance with the terms of this policy.
We also collect, use, transfer and disclose data in a form that does not, on its own, permit direct association with any specific individual, including information about your electronic access device, such as its model, operating system, device ID and MAC address.
Your personal information may be transferred to or stored or processed by us or our service providers in countries other than Canada. By using our services, you consent to the transfer of your personal information to countries outside your country of residence, which may have different personal data protection rules than in your country. Further, if you have consented to use of your personal information by a Relying Party, as part of the Interac verification service, that Relying Party may communicate your personal information in other jurisdictions. For further information please contact the respective Relying Party directly.
For Quebec residents, as indicated above, your information may be communicated outside Quebec. If you require further information regarding who may have access to your personal information and the roles and responsibilities of those parties, please contact our Privacy Office at privacy@interac.ca.
10. Amendments to this Privacy Policy
We may amend this Privacy Policy at any time, without notice to you, by updating this webpage or the application on which this policy is located. We will notify you of such a change by announcing the change on our website or providing a notice on our software application (or by such other means as may be appropriate given the circumstances). Your continued use of our website, software or services constitutes your consent to the contents of any updated policy.
11. Privacy of children under the age of 13
We do not knowingly collect personal information from anyone under the age of 13. If we become aware that we have inadvertently captured any personal information about a person who is under 13 years of age, we will take the appropriate steps to delete any such personal information.
12. Other Important Information
We use technology that leverages machine learning models and/or human-powered processes and that allows us to create reports generated from the results of services rendered.
When you use the Interac document verification service to help verify your identity to a third-party service provider, we provide the third-party service provider involved in the document validation transaction with a copy of the report which contains a breakdown of the results of various checks we’ve conducted and may contain an overall recommendation related to next steps. It is up to the third-party service provider involved in the document validation transaction to review the report and decide how to proceed regarding your transaction with them, based on all the information they possess (including their own data and data that you have provided to them directly).
13. How to Contact Us
At Interac, the person in charge of the protection of personal information is Interac Corp. Chief Legal Officer and Corporate Secretary. In the event that you:
- Have any questions about this Privacy Policy, our privacy policies or practices, or about the collection or handling of your personal information in connection with Interac document verification service;
- Want to withdraw consent to continued collection, use, disclosure or other processing of your personal information;
- Want to access, update, or correct your personal information, or exercise any other rights you may have under applicable laws; or
- Want to make a complaint respecting Interac’s handling of your personal information or otherwise challenge Interac’s compliance with applicable data protection legislation,
please feel free to contact our Privacy Office by email at privacy@interac.ca, or write to us at:
Privacy Office Interac Corp.
Royal Bank Plaza, North Tower, P.O. Box 45 200 Bay Street, Suite 2400
Toronto, Ontario M5J 2J1 Canada
Copyright © 2024, Interac Corp. All rights reserved.
Except as permitted by law, no part of this document nor any of Interac’s trademarks, logos and service marks may be reproduced or transmitted by any process or means without prior written consent of Interac Corp.
Published by Interac Corp., Royal Bank Plaza, North Tower, P.O. Box 45, 200 Bay Street, Suite 2400, Toronto, Ontario M5J 2J1
®,™: Trade-mark of Interac Corp.
Interac Verified Services Privacy Agreement
Last Updated: October 1, 2024
We are committed to respecting your privacy and the personal information that you entrust to us. Together, this agreement (the “Agreement”), our Privacy Policy, and any other consent we may obtain, sets out how we will collect, access, use, disclose, and store your personal information. All references to “Interac”, “we”, “us” and similar terms in this Agreement refer to 2859824 Ontario Limited, a subsidiary of Interac Corp.
You agree that when you use the Interac Verified™ app (the “Verified App”) and related features (including the demonstration feature available through the Verified App), functionalities or services, or the Interac® document verification service, Interac Verified™ credential (“Verified Credential”), or Interac® sign-in service (collectively, “Services”), Interac will need to collect, access, use, disclose, and store your personal information for the reasons and purposes as described in this Agreement, in any other consents obtained from you, and in accordance with our Privacy Policy.
We will limit the collection and use of your personal information to what we require in order to serve you, as our customer, and to administer our business.
This Agreement does not apply to, and we are not responsible for, any third-party websites, products, or services. We urge you to carefully review the privacy practices of any third-party who you authorize to collect, receive, use, communicate, disclose or otherwise process your personal information.
This Agreement does not apply to the Interac® Verification Service, except as otherwise noted. For more details about this particular service, see the Interac verification service Terms and Conditions and Privacy Notice.
For information on other Interac products and services, please see: Interac.ca Privacy Policy.
Contents
To learn more about how your personal information is handled by Interac in connection with the Services, please click through the following sections:
- What is personal information
- What types of personal information we collect and why
- How we use your personal information
- Why we share your personal information
- Biometric processing for Interac Document Verification Service
- How long we keep your personal information
- How we protect your personal information
- Your rights and choices over your personal information
- When we transfer your personal information
- Additional notices for Quebec users
- Updates to this Privacy Agreement
- How to contact us
- Acknowledgements
1. What is personal information
Personal information means any information, in any form, that is about an individual, who is identifiable using that information alone or in combination with other available information.
2. What types of personal information we collect and why
We collect information about you from a variety of sources in connection with the Services, including information provided to us by Your Financial Institution (as defined below) and information collected directly from you and your devices.
For clarity, Interac collects information about you on multiple occasions, over time, each time that you use the Services, as necessary to fulfill the purposes set out in this Agreement, or as otherwise required or permitted by applicable law.
You should be aware that Interac relies on the accuracy of information provided to us by you and, if applicable, Your Financial Institution. You should take steps to ensure that such information is correct, including updating and verifying the information about you that is held by Your Financial Institution.
a. Information Collected from Your Financial Institution
When you create a Verified Credential or use the Interac sign-in service to access eligible websites operated by or on behalf of the Government of Canada, you will be asked to select and authenticate yourself with one or more banks with which you have a relationship (collectively, “Your Financial Institution”).
- Interac sign-in service: For the Interac sign-in service, we do not receive any personal information from Your Financial Institution. Our role is to facilitate the secure transmission of authentication data between Your Financial Institution and the Government of Canada using anonymous identifiers. The information exchanged during this process may include an anonymous session identifier, your language preference, and your IP address, and is used to provide and maintain the security and integrity of the Interac sign-in service.
- Interac Verified Credential: For the Verified Credential, we receive certain information from Your Financial Institution, such as family name, given name and date of birth. This information is used to verify the information you provide directly to us. For details on how your personal information is managed in connection with the Interac verification service, please refer to the Interac verification service Privacy Notice.
b. Information Collected from You Directly
You may provide us with certain information directly from time to time, when you register to use our Services, update or otherwise make changes to your profile or account associated with the Services. For example, when you register for our Services, you will be required to provide information such as your name, email address, and contact information. This information is used to create and manage your account, authenticate your identity, and provide you with access to our Services.
When you create a Verified Credential, you will be asked to provide certain information, such as a photo of your government-issued ID and a video selfie, for document and identity verification purposes. To verify your identity, we use facial recognition technology to extract and compare your facial biometric data from these images, as detailed in the “Biometric Processing for Interac Document Verification Service” section below.
Once your document and identity have been verified, information on the image captured of your government-issued ID, such as your contact information, demographic data, date of birth, sex/gender, height, signature, ID number, date of issuance, date of expiry, and other information contained on or associated with your ID, will be used to confirm the validity of your identification to prevent fraud. Your family name, given name, date of birth and photo, along with the image of your government issued ID, will form part of your Verified Credential.
c. Information Collected from Your Devices
When you use our Services, certain information is collected automatically from the device you use, including through cookies, to measure and improve the performance of the Services, personalize your experience, enhance security, and enable certain features and functions of our Services. Such information includes:
- device ID and type; operating system type and version, and other operating system information; browser type and version and other information about your browser;
- internet protocol (IP) address; and the region or general location where your computer or device is accessing the internet based on your IP address (country, province, city, postal code); and
- information about how users interact with our Services, such as the date and time when you use the Services, number and type of actions conducted via the Services, time spent using the Services, and access status (e.g. your ability to access the Services or receipt of an error message).
The data described above may also be used to generate aggregate statistical data, for the purposes described below under “How we use your personal information”.
In addition to the above, if you create a profile associated with the Services and choose to enable biometric authentication, Interac or its service providers will receive confirmation of identity from the device that you use to access the Services. For clarity, neither Interac nor its service providers will receive or have access to biometric information, but rather, such information will remain only on your device and only confirmation of identity verification (or notice of failure to authenticate identity) will be transmitted to Interac.
You confirm that you consent to and authorize us to collect your personal information from these sources and, if applicable, you have authorized and consented to the sources providing your personal information.
3. How we use your personal information
We will only use your personal information to provide the Services and perform related activities, and for other purposes as required or permitted by applicable law, including to:
- operate and facilitate your use of the Services, including to verify your identity, authenticate you, create and maintain your profile or account associated with the Services (where applicable), and respond to requests received;
- prevent and detect fraud, unauthorized transactions, and otherwise protect you and other users of our products, services and websites from fraud and other wrongful or illegal activities, claims and other liabilities;
- carry out our obligations that may arise from any agreements we have entered into with you, Your Financial Institution, Relying Parties or other third parties;
- contact and correspond with you including (without limitation) emailing you to confirm your email address and sending communications regarding your profile or account associated with the Services (e.g., security alerts), where applicable;
- investigate complaints, disputes or other customer service issues related to the Services;
- manage risk exposure with respect to the integrity and security of the Services and our other products, including (without limitation) to help diagnose problems with our server, administer the Verified App, analyze trends, prevent and detect attacks on our Verified App or other digital properties or attempts at fraud;
- comply with legal and regulatory requirements;
- manage our business needs, such as monitoring, analyzing, testing and improving our products and services, the performance and functionality of our Services, and the performance and functionality of our infrastructure; and
- generate aggregate statistical data so that it cannot be used to identify you as an individual. The anonymized and aggregated data will then be used to evaluate, improve and market our Services, including to monitor and improve the utility, security, content, and user experience, and to develop additional products, services and Without limiting the above, anonymized and aggregated data may be used for the purposes of assembling statistical reporting for our participating financial institutions and governmental authorities, conducting market research respecting our products and services, and compiling statistical analysis of the behaviour of users or groups of users. For clarity, this aggregated data will not be used for specific targeted advertisements to you.
Without limiting the above, we compile, analyze and combine different categories of data that we collect from all of the sources described in this Agreement for the purposes of risk assessments, as well as to detect and prevent fraud. We may also use information collected in connection with the Services to detect and prevent fraud across other Interac products and services (e.g., Interac e-Transfer), as well as to develop fraud detection models and countermeasure rules.
In particular, when you use our Services, we may use technology that includes functions that allow you to be located, identified, and profiled for fraud purposes. This technology is activated when you consent to the collection, use and disclosure of your personal information in accordance with this Agreement, and will then be active whenever you use the Services unless and until you withdraw your consent. In addition, we may use personal information collected as part of the Services to make fraud and transaction approval decisions based exclusively on automated processing of your information.
You confirm that you consent to and authorize us to use your personal information for the purposes outlined in this Agreement.
4. Why we share your personal information
If you choose to create a Verified Credential, you may share your Verified Credential with Relying Parties to facilitate transactions with you, verify your identity, determine your eligibility for products or services, or for other purposes disclosed to you by Relying Parties when they request your Verified Credential. We may also share your information with third parties for the purpose of assisting in the investigation and resolution of complaints, disputes or customer service requests that you have submitted to such third parties, which relate to the Services.
Information disclosed to third parties will be outside Interac’s control and will be handled in accordance with the third party’s own privacy policies and procedures, which may differ from Interac’s. If you have questions about how a Relying Party will handle your personal information, you should contact them directly.
a. Service Providers
We need the help of our service providers to be able to offer the Services. We share your personal information with our service providers who perform services for the purposes described in this Agreement. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions and require these service providers by contract to only process personal information in accordance with our instructions and in compliance with applicable laws. We also require them to safeguard the security and confidentiality of the personal information they process on our behalf.
In particular, we use service providers to facilitate identity verification and biometric authentication, as well as for data analytics and fraud analysis. We also use third party data centers and customer service support, as well as third party software for event logging, IP traffic interception and network security.
b. Relying Parties in connection with Interac Verified Credential
If you choose to create a Verified Credential, you may share your Verified Credential (e.g., your name, date of birth, and other identity attributes) with third parties, such as financial institutions, telecommunications service providers, online merchants, government departments and agencies, and other participating entities (“Relying Parties”), that you authorize via the Verified App. These Relying Parties use this information to facilitate transactions with you, verify your identity, determine your eligibility for products or services, or for other purposes disclosed to you by Relying Parties when they request your Verified Credential. However, once you share your Verified Credential with a Relying Party, the information is outside Interac’s control. We are not responsible for the actions or omissions of Relying Parties, including for any use or disclosure of your personal information (or failure to protect your personal information) by a Relying Party. If you have questions about how a Relying Party will handle your personal information, you should contact them directly.
c. Fraud Investigations
To the extent permitted by applicable law, we disclose information that we, in good faith, believe is appropriate in investigations of fraud or other wrongful or illegal activity or to conduct investigations of violations of the terms and conditions for using our products and services. At our sole discretion, subject to any legal restrictions, we may report suspicious activity relating to fraud or other wrongful or illegal activities to the appropriate legal authorities, to our participating financial institutions and other third parties. For example, we may report suspicious activities where we believe those activities could result in physical harm or financial loss to any person. We may also report activities that we view as a pattern of fraudulent, wrongful or illegal behaviour.
d. Business Transfers
We may be involved in the sale, transfer or reorganization of some or all of our business at some time in the future. As part of that sale, transfer or reorganization, we may disclose your personal information to the acquiring organization but will take any measures required by applicable law in connection with such disclosures.
e. Required or Permitted by Law; Dispute Resolution
We may disclose your personal information to a government institution that has asserted its lawful authority to obtain the information, or where we are permitted to do so pursuant to applicable law and have reasonable grounds to believe the information could be useful in the investigation of unlawful activity, or to legal authorities, government officials or third parties where necessary to comply with a subpoena or warrant or an order made by a court, person or any other body with jurisdiction to compel the provision of information. We may also disclose your personal information in order to comply with court rules and regulations regarding the provision of records and information or as otherwise permitted or required by law.
We may also disclose your personal information to other third parties for the purpose of assisting with the investigation or resolution of complaints, disputes or other customer service issues related to the Services.
Where your consent is required by law, you confirm that you consent to and authorize us to share your personal information for the purposes outlined in this Agreement. Interac will obtain your consent to collect, use or disclose your personal information for any purpose other than those described above, except where your consent is not required by applicable law.
5. Biometric Processing for Interac document verification service
The Interac document verification service provides secure identity and document verification for the creation of your Verified Credential. This service uses facial recognition technology to verify your identity. We will obtain your express consent before collecting or processing your biometric data, in compliance with applicable laws.
Please note that in some cases, Relying Parties may offer alternative methods for identity verification that do not involve biometric data. For information about these alternatives, please contact the Relying Party directly.
a. Collection and Use of Biometric Data
To verify your identity when using the Interac Document Verification Service to create a Verified Credential, we will request that you take a clear photo of your government-issued ID and record a brief video selfie. Facial recognition technology will then be used to extract and compare your facial biometric data (i.e., a unique vector or digital representation of your facial features) from these images to confirm that the identity on your ID matches your selfie.
b. Third-Party Vendors
We work with trusted third-party vendors to facilitate the identity and document verification process. These vendors are contractually bound to comply with our instructions and applicable laws and to implement appropriate safeguards to protect your personal information.
c. Retention and Security
Third-party vendors will securely delete your biometric data within 7 days of completion of the verification process. During this time, third-party vendors may retain the data, including other information collected during the process, for the purpose of resolving any technical or other issues that may arise during the identity verification process and improving the accuracy and reliability of the service.
To help prevent fraud, we may retain your photo and video selfie for up to 60 days after the verification process is complete. Your information may be stored or processed in jurisdictions outside your province, territory, or country of residence.
We take steps to securely store and process your personal information and limit access to authorized personnel. For more details on our security practices, see the “How we protect your personal information” section.
6. How long we keep your personal information
You acknowledge that your personal information is retained for as long as reasonably necessary to fulfill the relevant purposes set out in this Agreement and in order to comply with Interac’s legal or regulatory obligations. When determining the retention period, we consider factors including the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact if we delete some information about you, mandatory retention periods, and statutory limitation periods. As always, once archived, your personal information is kept secure.
In particular, without limiting the above, your transactional logs related to the Verified Credential (e.g., date and time of the transaction, name of the Relying Party, type of credential verified) will be retained for 7 years to comply with legal and regulatory requirements, support audits and investigations, and prevent and detect fraud. The Verified Credential (e.g., name, date of birth, or other identity attributes) is securely stored on your device and will automatically expire after 12 months, unless you delete it earlier or the credential’s specified expiration date occurs sooner.
7. How we protect your personal information
We take precautions to protect your personal information against unauthorized access, disclosure, inappropriate alteration, and misuse. We maintain appropriate physical, technological, organizational and administrative safeguards to help protect your personal information. We update and test our security technology, standards and processes on an ongoing basis.
Transmission methods used to transfer information over the Internet, or methods of electronic storage, are not 100% secure. Although we implement measures to protect your personal information, we cannot fully ensure or warrant the security of any information you transmit or provide to us, and you do so at your own risk. We cannot guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of our safeguards. In particular, we cannot eliminate the risk of unauthorized transactions, especially if: (a) you use the Services on a public, work or shared device, (b) you share the login credentials for your profile associated with the Services (“Login Credentials”) with another person; or (c) an unauthorized person obtains access to your personal device or your Login Credentials.
You play a valuable part in security. After you have finished using the Services, you should log out and exit your browser to prevent unauthorized users from returning to your online session. If you are accessing the Services via a mobile device, you should ensure that your device’s privacy settings are set in accordance with your privacy preferences. If you believe your personal information has been compromised or that someone has improperly used or provided information to Interac about you that you did not authorize, please contact us as set out in this Agreement.
8. Your rights and choices over your personal information
You acknowledge that under certain circumstances and in accordance with applicable privacy laws, you are entitled to certain rights over your own personal information, as listed below. Please refer to the “How to contact us” section below, to exercise these rights.
- Right of access – You have the right to be informed of the existence, use and disclosure of your personal information by us, including a listing of the third-party organizations with whom the information has been shared. You can also access your information and may be entitled to receive a copy of your information.
- Right to challenge accuracy – You have the right to challenge the accuracy, completeness and currency of your personal information in our possession.
- Right to rectification of errors – When you demonstrate the inaccuracy or incompleteness of your personal information held by us, we must correct the inaccuracies and/or add a notation to the information, as appropriate.
- Right to limit use of personal information – As a condition of providing you access to the Services, we cannot require that you allow us to process your personal information beyond that which is required to fulfil the explicitly specified and legitimate purposes.
- Right to withdraw consent – If we rely on your consent to collect, use, or disclose your personal information, you are able to withdraw consent at any time, subject to certain requirements and limitations under applicable Please note that withdrawing your consent may affect our ability to provide you with the Services you have requested. In some circumstances, we may still be required to retain certain information in backups or as necessary to comply with legal or regulatory obligations, even after you withdraw your consent.
- Right to make a complaint – You have the right to be able to address data protection issues with our Privacy Office and you also have the right to make a complaint to the relevant data protection
There are some exceptions to these rights. For example, without limitation, some information may not be accessed or deleted if it contains personal information of other persons or if we are required by law to keep it. In addition, you may have other rights pursuant to applicable laws in the province or territory where you are located, including in connection with automated processing of your personal information, automated decision-making, and the right to request access to or transfer of your information in a structured, commonly used technological format, unless doing so raises serious practical difficulties.
If you wish to exercise your rights described above or require further information regarding your rights or circumstances that may limit the rights you can exercise, please contact us as set out in this Agreement.
9. When we transfer your personal information
Some of the information you provide to us may be shared with our service providers that are located outside of Canada. Such service providers are subject to contractual requirements and restrictions governing their processing of personal information, including obligations to safeguard the security and confidentiality of such personal information. You should be aware that information that is transferred or stored outside Canada may be accessible to courts, law enforcement and national authorities in other countries, in accordance with local laws and regulations.
10. Additional notices for Quebec users
Your information may be communicated outside Quebec, including to other provinces or countries. Some of our service providers that collect information about you in connection with their services are also located in the United States.
Your information will be accessible to Interac employees who have a need to access such information to perform their duties. In addition, certain insights derived from your information will be available to other Interac personnel.
You may find more information regarding the roles and responsibilities of Interac personnel with respect to personal information at Roles and Responsibilities of Interac Personnel Throughout the Lifecycle of Personal Information.
11. Updates to this Privacy Agreement
You acknowledge that Interac may review this Agreement periodically to reflect changes in privacy regulations and in our practices. We will post a prominent notice of any relevant and material changes to this Agreement when they occur and indicate when the Agreement was most recently updated. We will obtain consent to any material changes to how we collect, use, share or otherwise process your personal information when required by applicable law.
12. How to contact us
At Interac, the person in charge of the protection of personal information is Rebecca Ma, Chief Privacy and Compliance Officer.
In the event that you:
- Have any questions about this Agreement, our privacy policies or practices, or about the collection or handling of your personal information in connection with the Services (including if you have questions about the collection, use, disclosure or storage of your personal information by our service providers outside Canada, or want to obtain written information about such service providers);
- Want to withdraw consent to continued collection, use, disclosure or other processing of your personal information;
- Want to access, update, or correct your personal information, or exercise any other rights you may have under applicable laws; or
- Want to make a complaint respecting Interac’s handling of your personal information or otherwise challenge Interac’s compliance with applicable data protection legislation,
please feel free to contact our Privacy Office by email at privacy@interac.ca, or write to us at:
Privacy Office
Interac Corp.
Royal Bank Plaza, North Tower, P.O. Box 45
200 Bay Street, Suite 2400
Toronto, Ontario M5J 2J1
Canada
You may also find more information regarding the process for making inquiries or complaints with respect to your personal information at Process for Handling Inquiries and Complaints.
13. Acknowledgements
By agreeing, I confirm that I authorize and consent to Interac to collect, use, access, disclose, and store my personal information in accordance with the terms of this Agreement, the Privacy Policy, and any other consent we may obtain.
Copyright © 2024, Interac Corp. All rights reserved.
Except as permitted by law, no part of this document nor any of Interac’s trademarks, logos and service marks may be reproduced or transmitted by any process or means without prior written consent of Interac Corp.
Published by Interac Corp., Royal Bank Plaza, North Tower, P.O. Box 45, 200 Bay Street, Suite 2400, Toronto, Ontario M5J 2J1
®,™: Trade-mark of Interac Corp.
Interac Verified Services Privacy Policy
Last Updated: October 1, 2024
Introduction
At 2859824 Ontario Limited (“Interac”, “we” or “us”), a subsidiary of Interac Corp., we respect your personal information, and we take steps to ensure the proper use, protection and security of personal information placed in our care.
This Privacy Policy explains our personal information collection, use and disclosure policies and practices in connection with the Interac Verified™ app (the “Verified App”) and related features (including the demonstration feature available through the Verified App), functionalities or services, and the Interac® document verification service, Interac Verified™ credential (“Verified Credential”), and Interac® sign-in service (collectively, “Services”), in order to help you understand how we handle personal information you provide to us when you use our Services. For information on other Interac products and services, please see: Interac.ca Privacy Policy. This Privacy Policy does not apply to, and we are not responsible for, any third-party websites, products, or services. We urge you to carefully review the privacy practices of any third-party who you authorize to collect, receive, use, communicate, disclose or otherwise process your personal information.
This Privacy Policy does not apply to the Interac® verification service, except as otherwise noted. For details on how your personal information is managed in connection with the Interac verification service, please refer to the Interac verification service Privacy Notice.
Contents
To learn more about how your personal information is handled by Interac in connection with the Services, please click through the following sections:
- What is personal information
- What types of personal information we collect and why
- Information Collected from Your Financial Institution
- Information Collected from You Directly
- Information Collected from Your Devices
- How we use your personal information
- Why we share your personal information
- Service providers
- Relying Parties in connection with Interac Verified Credential
- Fraud Investigations
- Business transfers
- Biometric processing for Interac document verification service
- Collection and Use of Biometric Data
- Third-Party Vendors
- Retention and Security
- How long we keep your personal information
- How we protect your personal information
- Your rights and choices over your personal information
- When we transfer your personal information
- Additional notices for Quebec users
- Updates to this Privacy Policy
- How to contact us
1. What is personal information
Personal information means any information, in any form, that is about an individual, who is identifiable using that information alone or in combination with other available information.
2. What types of personal information we collect and why
We collect information about you from a variety of sources in connection with the Services, including information provided to us by Your Financial Institution (as defined below) and information collected directly from you and your devices.
For clarity, Interac collects information about you on multiple occasions, over time, each time that you use the Services, as necessary to fulfill the purposes set out in this Privacy Policy, or as otherwise required or permitted by applicable law.
You should be aware that Interac relies on the accuracy of information provided to us by you and, if applicable, Your Financial Institution. You should take steps to ensure that such information is correct, including updating and verifying the information about you that is held by Your Financial Institution.
a. Information Collected from Your Financial Institution
When you create a Verified Credential or use the Interac sign-in service to access eligible websites operated by or on behalf of the Government of Canada, you will be asked to select and authenticate yourself with one or more banks with which you have a relationship (collectively, “Your Financial Institution”).
- Interac sign-in service: For the Interac sign-in service, we do not receive any personal information from Your Financial Institution. Our role is to facilitate the secure transmission of authentication data between Your Financial Institution and the Government of Canada using anonymous identifiers. The information exchanged during this process may include an anonymous session identifier, your language preference, and your IP address, and is used to provide and maintain the security and integrity of the Interac sign-in service.
- Interac Verified Credential: For the Verified Credential, we receive certain information from Your Financial Institution, such as family name, given name, and date of birth. This information is used to verify the information you provide directly to us. For details on how your personal information is managed in connection with the Interac verification service, please refer to the Interac verification service Privacy Notice.
b. Information Collected from You Directly
You may provide us with certain information directly from time to time, when you register to use our Services or when you update or otherwise make changes to your profile or account associated with the Services. For example, when you register for our Services, you will be required to provide information such as your name, email address, and contact information. This information is used to create and manage your account, authenticate your identity, and provide you with access to our Services.
When you create a Verified Credential, you will be asked to provide certain information, such as a photo of your government-issued ID and a video selfie, for document and identity verification purposes. To verify your identity, we use facial recognition technology to extract and compare your facial biometric data from these images, as detailed in the “Biometric Processing for Interac document verification service” section below.
Once your document and identity have been verified, information on the image captured of your government-issued ID, such as your contact information, demographic data, date of birth, sex/gender, height, signature, ID number, date of issuance, date of expiry, and other information contained on or associated with your ID, will be used to confirm the validity of your identification to prevent fraud. Your family name, given name, date of birth and photo, along with the image of your government-issued ID, will form part of your Verified Credential.
c. Information Collected from Your Devices
When you use our Services, certain information is collected automatically from the device you use, including through cookies, to measure and improve the performance of the Services, personalize your experience, enhance security, and enable certain features and functions of our Services. Such information includes:
- device ID and type; operating system type and version, and other operating system information; browser type and version and other information about your browser;
- internet protocol (IP) address; and the region or general location where your computer or device is accessing the internet based on your IP address (country, province, city, postal code); and
- information about how users interact with our Services, such as the date and time when you use the Services, number and type of actions conducted via the Services, time spent using the Services, and access status (e.g. your ability to access the Services or receipt of an error message).
The data described above may also be used to generate aggregate statistical data, for the purposes described below under “How we use your personal information”.
In addition to the above, if you create a profile associated with the Services and choose to enable biometric authentication, Interac or its service providers will receive confirmation of identity from the device that you use to access the Services. For clarity, neither Interac nor its service providers will receive or have access to biometric information, but rather, such information will remain only on your device and only confirmation of identity verification (or notice of failure to authenticate identity) will be transmitted to Interac.
3. How we use your personal information
We will only use your personal information to provide the Services and perform related activities, and for other purposes as required or permitted by applicable law, including to:
- operate and facilitate your use of the Services, including to verify your identity, authenticate you, create and maintain your profile or account associated with the Services (where applicable), and respond to requests received;
- prevent and detect fraud, unauthorized transactions, and otherwise protect you and other users of our products, services and websites from fraud and other wrongful or illegal activities, claims and other liabilities;
- carry out our obligations that may arise from any agreements we have entered into with you, Your Financial Institution, Relying Parties or other third parties;
- contact and correspond with you including (without limitation) emailing you to confirm your email address and sending communications regarding your profile or account associated with the Services (e.g., security alerts), where applicable;
- investigate complaints, disputes or other customer service issues related to the Services;
- manage risk exposure with respect to the integrity and security of the Services and our other products, including (without limitation) to help diagnose problems with our server, administer the Verified App, analyze trends, prevent and detect attacks on our Verified App or other digital properties or attempts at fraud;
- comply with legal and regulatory requirements;
- manage our business needs, such as monitoring, analyzing, testing and improving our products and services, the performance and functionality of our Services, and the performance and functionality of our infrastructure; and
- generate aggregate statistical data so that it cannot be used to identify you as an individual. The anonymized and aggregated data will then be used to evaluate, improve and market our Services, including to monitor and improve the utility, security, content, and user experience, and to develop additional products, services and Without limiting the above, anonymized and aggregated data may be used for the purposes of assembling statistical reporting for our participating financial institutions and governmental authorities, conducting market research respecting our products and services, and compiling statistical analysis of the behaviour of users or groups of users. For clarity, this aggregated data will not be used for specific targeted advertisements to you.
Without limiting the above, we compile, analyze and combine different categories of data that we collect from all of the sources described in this Privacy Policy for the purposes of risk assessments, as well as to detect and prevent fraud. We may also use information collected in connection with the Services to detect and prevent fraud across other Interac products and services (e.g., Interac e-Transfer), as well as to develop fraud detection models and countermeasure rules.
In particular, when you use our Services, we may use technology that includes functions that allow you to be located, identified, and profiled for fraud purposes. This technology is activated when you consent to the collection, use and disclosure of your personal information in accordance with the Interac Verified Services Privacy Agreement, and will then be active whenever you use the Services unless and until you withdraw your consent. In addition, we may use personal information collected as part of the Services to make fraud and transaction approval decisions based exclusively on automated processing of your information.
Interac will obtain your prior consent to collect, use or disclose your personal information in accordance with its legal obligations, except where your consent is not required by applicable law.
4. Why we share your personal information
If you choose to create a Verified Credential, you may share your Verified Credential with Relying Parties to facilitate transactions with you, verify your identity, determine your eligibility for products or services, or for other purposes disclosed to you by Relying Parties when they request your Verified Credential. We may also share your information with third parties for the purpose of assisting in the investigation and resolution of complaints, disputes or customer service requests that you have submitted to such third parties, which relate to the Services.
Information disclosed to third parties will be outside Interac’s control and will be handled in accordance with the third party’s own privacy policies and procedures, which may differ from Interac’s. If you have questions about how a Relying Party will handle your personal information, you should contact them directly.
a. Service Providers
We need the help of our service providers to be able to offer the Services. We share your personal information with our service providers who perform services for the purposes described in this Privacy Policy. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions and require these service providers by contract to only process personal information in accordance with our instructions and in compliance with applicable laws. We also require them to safeguard the security and confidentiality of the personal information they process on our behalf.
In particular, we use service providers to facilitate identity verification and biometric authentication, as well as for data analytics and fraud analysis. We also use third party data centers and customer service support, as well as third party software for event logging, IP traffic interception and network security.
b. Relying Parties in connection with Interac Verified Credential
If you choose to create a Verified Credential, you may share your Verified Credential (e.g., your name, date of birth, and other identity attributes) with third parties, such as financial institutions, telecommunications service providers, online merchants, government departments and agencies, and other participating entities (“Relying Parties”), that you authorize via the Verified App. These Relying Parties use this information to facilitate transactions with you, verify your identity, determine your eligibility for products or services, or for other purposes disclosed to you by Relying Parties when they request your Verified Credential. However, once you share your Verified Credential with a Relying Party, the information is outside Interac’s control. We are not responsible for the actions or omissions of Relying Parties, including for any use or disclosure of your personal information (or failure to protect your personal information) by a Relying Party. If you have questions about how a Relying Party will handle your personal information, you should contact them directly.
c. Fraud Investigations
To the extent permitted by applicable law, we disclose information that we, in good faith, believe is appropriate in investigations of fraud or other wrongful or illegal activity or to conduct investigations of violations of the terms and conditions for using our products and services. At our sole discretion, subject to any legal restrictions, we may report suspicious activity relating to fraud or other wrongful or illegal activities to the appropriate legal authorities, to our participating financial institutions and other third parties. For example, we may report suspicious activities where we believe those activities could result in physical harm or financial loss to any person. We may also report activities that we view as a pattern of fraudulent, wrongful or illegal behaviour.
d. Business Transfers
We may be involved in the sale, transfer or reorganization of some or all of our business at some time in the future. As part of that sale, transfer or reorganization, we may disclose your personal information to the acquiring organization but will take any measures required by applicable law in connection with such disclosures.
e. Required or Permitted by Law; Dispute Resolution
We may disclose your personal information to a government institution that has asserted its lawful authority to obtain the information, or where we are permitted to do so pursuant to applicable law and have reasonable grounds to believe the information could be useful in the investigation of unlawful activity, or to legal authorities, government officials or third parties where necessary to comply with a subpoena or warrant or an order made by a court, person or any other body with jurisdiction to compel the provision of information. We may also disclose your personal information in order to comply with court rules and regulations regarding the provision of records and information or as otherwise permitted or required by law.
We may also disclose your personal information to other third parties for the purpose of assisting with the investigation or resolution of complaints, disputes or other customer service issues related to the Services.
5. Biometric Processing for Interac document verification service
The Interac document verification service provides secure identity and document verification for the creation of your Verified Credential. This service uses facial recognition technology to verify your identity. We will obtain your express consent before collecting or processing your biometric data, in compliance with applicable laws.
Please note that in some cases, Relying Parties may offer alternative methods for identity verification that do not involve biometric data. For information about these alternatives, please contact the Relying Party directly.
a. Collection and Use of Biometric Data
To verify your identity when using the Interac Document Verification Service to create a Verified Credential, we will request that you take a clear photo of your government-issued ID and record a brief video selfie. Facial recognition technology will then be used to extract and compare your facial biometric data (i.e., a unique vector or digital representation of your facial features) from these images to confirm that the identity on your ID matches your selfie.
b. Third-Party Vendors
We work with trusted third-party vendors to facilitate the identity and document verification process. These vendors are contractually bound to comply with our instructions and applicable laws and to implement appropriate safeguards to protect your personal information.
c. Retention and Security
Third-party vendors will securely delete your biometric data within 7 days of completion of the verification process. During this time, third-party vendors may retain the data, including other information collected during the process, for the purpose of resolving any technical or other issues that may arise during the identity verification process and improving the accuracy and reliability of the service.
To prevent fraud, we may retain your photo and video selfie for up to 60 days after the verification process is complete. Your information may be stored or processed in jurisdictions outside your province, territory, or country of residence.
We take steps to securely store and process your personal information and limit access to authorized personnel. For more details on our security practices, see the “How we protect your personal information” section.
6. How long we keep your personal information
Your personal information is retained for as long as reasonably necessary to fulfill the relevant purposes set out in this Privacy Policy and in order to comply with Interac’s legal or regulatory obligations. When determining the retention period, we consider factors including the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact if we delete some information about you, mandatory retention periods, and statutory limitation periods. As always, once archived, your personal information is kept secure.
In particular, without limiting the above, your transactional logs related to the Verified Credential (e.g., date and time of the transaction, name of the Relying Party, type of credential verified) will be retained for 7 years to comply with legal and regulatory requirements, support audits and investigations, and prevent and detect fraud. The Verified Credential (e.g., name, date of birth, or other identity attributes) is securely stored on your device and will automatically expire after 12 months, unless you delete it earlier or the credential’s specified expiration date occurs sooner.
7. How we protect your personal information
We take precautions to protect your personal information against unauthorized access, disclosure, inappropriate alteration, and misuse. We maintain appropriate physical, technological, organizational and administrative safeguards to help protect your personal information. We update and test our security technology, standards and processes on an ongoing basis.
Transmission methods used to transfer information over the Internet, or methods of electronic storage, are not 100% secure. Although we implement measures to protect your personal information, we cannot fully ensure or warrant the security of any information you transmit or provide to us, and you do so at your own risk. We cannot guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of our safeguards. In particular, we cannot eliminate the risk of unauthorized transactions, especially if: (a) you use the Services on a public, work or shared device, (b) you share the login credentials for your profile associated with the Services (“Login Credentials”) with another person; or (c) an unauthorized person obtains access to your personal device or your Login Credentials.
You play a valuable part in security. After you have finished using the Services, you should log out and exit your browser to prevent unauthorized users from returning to your online session. If you are accessing the Services via a mobile device, you should ensure that your device’s privacy settings are set in accordance with your privacy preferences. If you believe your personal information has been compromised or that someone has improperly used or provided information to Interac about you that you did not authorize, please contact us as set out in this Privacy Policy.
8. Your rights and choices over your personal information
Under certain circumstances and in accordance with applicable privacy laws, you are entitled to certain rights over your own personal information, as listed below. Please refer to the “How to contact us” section below, to exercise these rights.
- Right of access – You have the right to be informed of the existence, use and disclosure of your personal information by us, including a listing of the third-party organizations with whom the information has been shared. You can also access your information and may be entitled to receive a copy of your information.
- Right to challenge accuracy – You have the right to challenge the accuracy, completeness and currency of your personal information in our possession.
- Right to rectification of errors – When you demonstrate the inaccuracy or incompleteness of your personal information held by us, we must correct the inaccuracies and/or add a notation to the information, as appropriate.
- Right to limit use of personal information – As a condition of providing you access to the Services, we cannot require that you allow us to process your personal information beyond that which is required to fulfil the explicitly specified and legitimate purposes.
- Right to withdraw consent – If we rely on your consent to collect, use, or disclose your personal information, you are able to withdraw consent at any time, subject to certain requirements and limitations under applicable law. Please note that withdrawing your consent may affect our ability to provide you with the Services you have requested. In some circumstances, we may still be required to retain certain information in backups or as necessary to comply with legal or regulatory obligations, even after you withdraw your consent.
- Right to make a complaint – You have the right to be able to address data protection issues with our Privacy Office and you also have the right to make a complaint to the relevant data protection
There are some exceptions to these rights. For example, without limitation, some information may not be accessed or deleted if it contains personal information of other persons or if we are required by law to keep it. In addition, you may have other rights pursuant to applicable laws in the province or territory where you are located, including in connection with automated processing of your personal information, automated decision-making, and the right to request access to or transfer of your information in a structured, commonly used technological format, unless doing so raises serious practical difficulties.
If you wish to exercise your rights described above or require further information regarding your rights or circumstances that may limit the rights you can exercise, please contact us as set out in this Privacy Policy.
9. When we transfer your personal information
Some of the information you provide to us may be shared with our service providers that are located outside of Canada. Such service providers are subject to contractual requirements and restrictions governing their processing of personal information, including obligations to safeguard the security and confidentiality of such personal information. You should be aware that information that is transferred or stored outside Canada may be accessible to courts, law enforcement and national authorities in other countries, in accordance with local laws and regulations.
10. Additional notices for Quebec users
Your information may be communicated outside Quebec, including to other provinces or countries. Some of our service providers that collect information about you in connection with their services are also located in the United States.
Your information will be accessible to Interac employees who have a need to access such information to perform their duties. In addition, certain insights derived from your information will be available to other Interac personnel.
You may find more information regarding the roles and responsibilities of Interac personnel with respect to personal information at Roles and Responsibilities of Interac Personnel Throughout the Lifecycle of Personal Information.
11. Updates to this Privacy Policy
Interac may review this Privacy Policy periodically to reflect changes in privacy regulations and in our practices. We will post a prominent notice of any relevant and material changes to this Privacy Policy when they occur and indicate when the Privacy Policy was most recently updated. We will obtain consent to any material changes to how we collect, use, share or otherwise process your personal information when required by applicable law.
12. How to contact us
At Interac, the person in charge of the protection of personal information is Rebecca Ma, Chief Privacy and Compliance Officer.
In the event that you:
- Have any questions about this Privacy Policy, our privacy policies or practices, or about the collection or handling of your personal information in connection with the Services (including if you have questions about the collection, use, disclosure or storage of your personal information by our service providers outside Canada, or want to obtain written information about such service providers);
- Want to withdraw consent to continued collection, use, disclosure or other processing of your personal information;
- Want to access, update, or correct your personal information, or exercise any other rights you may have under applicable laws; or
- Want to make a complaint respecting Interac’s handling of your personal information or otherwise challenge Interac’s compliance with applicable data protection legislation,
please feel free to contact our Privacy Office by email at privacy@interac.ca, or write to us at:
Privacy Office
Interac Corp.
Royal Bank Plaza, North Tower, P.O. Box 45
200 Bay Street, Suite 2400
Toronto, Ontario M5J 2J1
Canada
You may also find more information regarding the process for making inquiries or complaints with respect to your personal information at Process for Handling Inquiries and Complaints.