Back
🇨🇦

Privacy Policy - Canada

This Privacy Policy explains how we collect, hold, use, share and process your personal data when you use our website, services or mobile application (the "Application"). It also describes your rights in relation to your personal data.

Personal data means any information relating to an identified or identifiable natural person. It does not include anonymous data, which cannot be linked to an individual.

1. About us

Connect Finance Canada Ltd. (hereinafter CFC) offers international money transfer services through its mobile application (the "Services").

CFC is incorporated in Ontario (OCN: 1000864844) and registered as a Money Services Business (MSB) with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).

CFC is therefore responsible for processing your personal data in the context of these Services.

"CFC", "we", "us" or "our" means Connect Finance Canada Ltd. . It is the "controller" of your personal data. The term "you" refers to any visitor to our website or application, or any user of our Services.

This document is a Privacy Policy, which means that it applies to CFC's customers within the European Union.

2. How do you contact us about your privacy and data protection?

You can contact us about your privacy, to exercise your data rights and to find out how we use, process, store and protect your personal data by emailing us at support@cnctserv.com.

3. Types of personal data we collect and how we collect it

Most of the personal data we process is provided to us directly by you with your prior consent. The following sets out the information we collect and process and where it comes from. The collection and use of data is essential to provide our Services and to ensure the security of the Services. We use the data to increase the security of your online payments while reducing the risk of fraud, money laundering and other harmful activities.

StepsPersonal data collected
Information we collect when you :
  • - register on the application ;
  • -use our Services;
  • -enter your information and transaction details;
  • -correspond with us;
  • -respond to one of our Services;
  • -Take part in online discussions;
  • -Talk to a member of our team or use a conversational assistant;
  • -enter competitions; and/or
  • -contact us for any other reason.
  • -Name, address, date and place of birth.
  • -Email address, telephone number and details of the device you use (e.g. device ID).
  • -Income and occupation.
  • -Proof of address.
  • -Details and copies of your identity documents (e.g. passport or ID card) and your image for comparison purposes (in the form of a photo or video).
  • -Recordings of our exchanges, if you contact us or if we contact you (including recordings of telephone calls and chat conversations) with the technical possibility of objecting.
  • -Your geographical location and IP address.
  • -Information relating to your transaction (for example, the person to whom you are sending money, reason for payment).
  • -Information about your payment method (e.g. credit card details and encrypted bank details).
Information we collect when you use our Services on our application or website.
  • -Information about the use of our products, including the date, time and amount of transfers, beneficiary details, your IP address, messages sent or received, details of the device used to make the payment and the payment method used.
  • -Technical information, including IP address, login details, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
  • -Information about your visit, including the full clickstream of our website or App URL (including date and time); page response times, download errors, length of visits to particular pages, page interaction information, methods used to navigate the page.
  • -Optional information:
  • If you give us access to it, information stored on your device, such as contact details from your contact list.
Information we collect from third parties.

Information from your use of third party applications, such as the Apple App Store or Google Play Store, social networking sites, including your name, social network ID, location information, email address, device ID, browser ID and profile picture. Your use of third party applications is subject to the privacy policy and terms of use of those applications.

Information from our service providers in destination countries, such as names associated with particular telephone numbers.

Information we collect on social networks.We may use publicly available information about you from certain websites or social networking applications to conduct enhanced due diligence checks (to comply with our anti-money laundering or sanctions control obligations).
Information from other public sources.We have a legal obligation to verify your identity as part of our anti-money laundering checks. To do this, we collect information and contact details from public sources, such as online registers or directories.

As a result of the Services we offer, we may process the personal data of persons other than users of the Application, such as recipients of transfers or other persons making requests or complaints.

4. Age requirements

Our Services are not designed for minors under the age of 18. If we become aware that someone under the age of 18 is using our Services, we will take all reasonable steps to ensure that we cease all processing of their data and will inform them accordingly.

5. Sensitive personal data

In certain limited circumstances, we also collect, process and store sensitive personal data to enable us to comply with our legal and regulatory obligations (for example, biometric data to carry out anti-money laundering checks). Other information may be considered sensitive in your country. All sensitive information is subject to appropriate levels of protection.

6. Our legal basis for using your personal data

We must have a valid legal reason for using your personal data. The grounds on which we rely are as follows:

  • Contractual obligations: we need personal data to provide our Services and we cannot provide them without this information. We use personal data to enter into agreements with you and to fulfil our contractual obligations. Where we process personal data that is sensitive data (i.e. biometric data or data that may reveal political opinions), we process it on the proper legal basis that such processing is necessary for important public interest reasons (for example, to prevent or detect unlawful acts).
  • Legal obligations: in some cases, we have a legal responsibility to collect and retain your personal data (for example, for tax purposes or under anti-money laundering laws, we must retain certain information about our customers).
  • Legitimate interests: where this is necessary for our legitimate interests (or those of a third party) and your fundamental interests and rights do not override those interests.
  • Consent: where you have given us your consent to process your personal data.

You explicitly consent to us accessing, processing and storing personal data in connection with the provision of the money transfer service.

7. How do we use your personal data?

We use your personal data for the purposes set out below.

We use your data to provide our Services:

  • - To fulfil agreements we have with you and manage our relationship with you.
  • - To process transfers and prove that transactions have been completed.
  • - To process your contact information so that you can search for and link to them more easily, and to improve the accuracy of payments.
  • - To manage user profiles in our databases.
  • - To provide you with customer support (we may record and track all communications between you and us, including telephone calls, in order to maintain appropriate records, verify your instructions, analyse, evaluate and improve our Services for quality and training purposes).
  • - To provide, maintain, customise, optimise and improve the Services, including research and analysis relating to the use of the Services, or to store your information in case you leave the Services and return at a later date.

We use your data to ensure the proper functioning of our Services:

To monitor the use of the Website and the Application, including to determine technical optimisations and improvements.

  • - For customer analysis, to manage our Services and for internal operations, e.g. troubleshooting, data analysis, testing, research and statistical purposes.

We use your data to comply with our legal obligations and exercise our rights:

  • - To confirm your identity and verify your personal information and contact details.
  • - To comply with applicable laws, including anti-money laundering, anti-terrorist financing and sanctions laws, including to verify your identity.
  • - To establish, commence or defend legal proceedings.
  • - To deal with any legal requests from the person concerned.
  • - To meet our legal and regulatory obligations.

We use your data to protect you and other users against fraud:

  • - To detect, investigate and prevent activities which may be fraudulent or illegal, or which may misuse our Services or breach our policies.
  • - To comply with financial crime laws and to confirm that you are eligible to use our Services. We also use it to enable us to manage the risk of fraud in relation to your account.

We use your data to communicate with you:

  • - To communicate with you about our Services, including informing you of changes, asking for your feedback or comments on our Services and dealing with any requests or complaints you may have.

We use your data for marketing purposes and to provide Services that may be of interest to you:

  • - To improve our Services, such as the introduction of new features, and to investigate new business opportunities.
  • - For marketing, product and customer analysis, including testing, for example to improve our product and optimise our offerings to customers.
  • - To be able to manage your participation in competitions, offers and events.
  • - To provide you with information, news and marketing about our Services, including where we work with third parties to provide similar services.
  • - For advertising, including personalised advertising.

8. With whom do we share your personal data?

Due to the nature of our business, we may from time to time share your data with the following third parties (but we do not sell your personal data).

  • - Recipients of CFC: We also share your personal data with the payment service provider and recipients (via service providers) to whom you transfer money. When you make a transfer, the recipient may receive your information along with your payment (for example, your name and IBAN).
  • - CFC Service Providers: We share your personal data with various providers who perform services that we require to provide our Services to you, for example:
    • - our IT, payment and delivery service providers;
    • - suppliers who help us meet our legal and regulatory obligations, such as identity verification providers and background check providers (who may use your data to carry out checks with credit reference agencies, financial or credit institutions, official registers and databases, and fraud prevention agencies to verify your identity);
    • - our banking and financial services partners and our payment networks;
    • - service providers specialising in statistics (analytics) and research into transfer transactions;
    • - customer service providers, survey providers and developers (including chatbot services); and communications providers.
  • - Third parties authorised by you: we share personal data with parties directly authorised by you. The use of data by an authorised third party is subject to the third party's privacy policy and any agreement you have entered into with them.
  • - For legal reasons: We may also need to share personal data with a law enforcement authority, such as the police or judiciary, a regulatory authority or any other third party where we believe that such disclosure is necessary (i) under applicable law or regulation or (ii) to exercise, establish or defend our legal rights.
  • - For advertisers, advertising and social networks, analytics providers and search engines: We share personal data with these providers (including Google) to select and serve ads relevant to you and others. You consent to the use of personal data by these suppliers for the purposes of personalised advertising. You may unsubscribe at any time by sending an e-mail to contact@cnctserv.com.

9. International data transfers

The personal data we collect is stored within the EU. However, in the event of transfer outside the EU, such transfer will comply with the safeguards required by applicable law. It may also be processed by employees operating outside the country in which you are located, who work for us or for one of our payment processing partners. These employees may, among other things, be involved in processing your payment information and providing customer support. By submitting your personal data, you consent to this transfer, storage or processing.

If we transfer your personal data to another country that does not offer data protection equivalent to the General Data Protection Regulation, we will ensure that your personal data is sufficiently protected. For example, we ensure that a contract with strict data protection measures is in place before we transfer your personal data.

10. Marketing and other communications

We may use the contact details you provide to send you marketing communications about our Services by email, telephone, SMS, WhatsApp, push notification, social networks or other communication formats. This may include news, promotional offers, opportunities to enter competitions to win prizes and updates about our company and our Services (including new services and products).

You have the right to object to the processing of your personal data for marketing purposes.

You can exercise this right at any time by letting us know or by following the instructions in the relevant communication, for example by unsubscribing from emails and replying "STOP" to SMS (messaging charges may apply). We respect your choice and will stop sending you these communications as soon as possible, within one month of receiving your request to unsubscribe. You are free to change your choices at any time. We may contact you to repeat your consent to marketing or other communications.

Please note that if you ask us not to contact you at a particular email address, we will keep a copy of that email address on a "suppression list" in order to respect your wishes not to be contacted.

If you unsubscribe, we may still send you important service and administrative messages, which you cannot unsubscribe from.

CFC authentication by SMS

To enable us to set up strong customer authentication on your account, a PIN code will be sent to your mobile phone once your account has been registered via the application. You will receive a message per request to authenticate yourself; messaging and data charges may apply.

You confirm that you hold the account corresponding to the mobile number you have entered. By registering with CFC and agreeing to receive the PIN, you agree to our Master Payment Service Agreement, this Privacy Policy. For assistance, please contact contact@cnctserv.com.

11. Website links

This website contains links to other websites, clearly marked as such. Please note that we have no control over external websites and are not responsible for the protection and privacy of any information you may provide to them. Please refer to the privacy policy of any website you use.

12. Cookies

We use cookies and other tracking technologies on our Website, App and in emails we send to you. Cookies help us to:

  • - remember your information so that you do not have to re-enter it;
  • - track and understand how you use and interact with our Online Services and emails;
  • - tailor our Online Services to your preferences;
  • - to evaluate the usefulness and effectiveness of our Services and communications to you;
  • - manage and improve our Services in other ways.

By continuing to use our Website/Application, you consent to our use of cookies.

13. Automated decision-making

We use automated processes to verify that your request to access and use of our Services meets our standards requirements, including verifying your identity, and to prevent fraud or other illegal activities. These processes may involve an automated decision to refuse your application or a proposed transaction, block a suspicious attempt to log into your account or close your account. If this happens, you will be informed and given the opportunity to provide additional information and to challenge the decision through a redress mechanism, which includes a manual review. In all cases, if you believe that an automated process may have adversely affected you, please contact us at dpo@conctserv.com.

14. Data retention

We will generally retain your personal data for ten years from the end of our business relationship with you, or for as long as necessary, in accordance with various local requirements, such as best practice recommendations (e.g. supervisory authority recommendations), relevant guidelines (e.g. employment instructions) or for as long as required by specific legislation (e.g. tax laws).

We will also determine appropriate retention periods based on our legitimate interests, where applicable. As a regulated financial institution, we are legally obliged to store some of your data beyond the termination of your relationship with us. After this period, your data will only be accessed or processed if absolutely necessary. We will always delete data that is no longer required by applicable legislation.

Where personal data must be deleted, we will delete it manually or automatically, or anonymise it if deletion is not possible.

15. Data security

We have put in place appropriate security measures to prevent accidental loss, unauthorised use or access, alteration or disclosure of your personal data.

We use reasonable physical and technical security measures to protect your personal information, both during transmission and storage. All information you provide to us is stored on our secure servers. All payment transactions will be encrypted using Transport Layer Security protocol technology. You are responsible for the confidentiality of the passwords we provide. Please do not share this password with others or use it for other services or products.

In addition, we restrict access to your personal data to those who need it to carry out their duties (i.e. employees, agents, subcontractors and other third parties who need to know it in the course of their work). In the case of third parties, they will only process your personal data in accordance with our instructions and are bound by a duty of confidentiality.

16. Data protection rights

PIPEDA provides a number of rights relating to how a company processes your personal data.

If you wish to exercise any of the rights below, you can do so by sending us a written request to dpo@cnctserv.com. For security reasons, we cannot process your request if we are not sure of your identity. We may therefore ask you for proof of identity.

Your ability to exercise these rights depends on a number of factors. We may not be able to accept your request (for example, if we have a legitimate reason for not doing so or if the right does not apply to the particular information we hold about you). If you object to the use of personal data that we need to provide our Services, we may have to close your account as we would not be able to provide the Services.

Where you exercise any of your rights, it may take us up to one month to respond or implement certain changes.

  • - Right to be informed: you have the right to know what personal data we collect about you, how we use it, for what purposes and on what legal basis, with whom we share it and how long we keep it. Our Privacy Policy explains this.
  • - Right of access to data: you have the right to receive a copy of the personal data we hold about you (sometimes referred to as a "Data Subject Access Request").
  • - Right of rectification: you have the right to have any incomplete or inaccurate information we hold about you corrected. You may also make updates yourself in the Application.
  • - Right to erasure: you have the right to ask us to erase your personal data if it is no longer necessary for the purposes for which it was collected or necessary to fulfil our legal obligations or for a legitimate interest.
  • - Right to restrict processing: you may ask us to stop using your personal data, including for marketing purposes.
  • - Right to object: you have the right to object to the processing of your personal data. If our legal basis for using your personal data is a "legitimate interest" and you do not agree to us using it, you may object. However, we will assess whether your rights and fundamental freedoms override our interests.
  • - Right to portability: you may ask us to transfer personal data to you or to another company.

17. Queries and complaints

We understand that you may have queries or complaints in relation to this Privacy Policy and more widely in relation to the processing of your personal data. If you wish to contact us directly with a query or complaint, you can do so by emailing dpo@cnctserv.com. If you are not satisfied with the way we have handled your personal data or with any request to exercise your rights, you may lodge a complaint via the contact details below.

Office of the Privacy Commissioner of Canada (OPC)

30 Victoria Street, Gatineau, Quebec K1A 1H3
Tel: 1-800-282-1376

18. Changes to this Privacy Policy

We may amend this Privacy Policy from time to time to reflect changes in legislation, best practice and the way in which we process personal data. We will publish a revised version on this website. We recommend that you visit this web page from time to time to keep informed.